
Windows Server 2012: Almost "All" New Features Explained (Seminar)


What you should know before trying the Windows Server 2012 R2 Preview. Windows Server 2012: almost "all" new features explained (seminar). 1st edition, 2013.07.12. Agenda: Server Manager; additional user interface options; Windows PowerShell 3.0; SMB 3.0; Storage; Scale-Out File Server; Hyper-V; VDI; DirectAccess; IIS 8.0; IPAM; DHCP Failover. PowerPoint PPT Presentation.


Windows Server 2012: almost "all" new features explained. What to know before trying the Windows Server 2012 R2 Preview. 1st edition, 2013.07.12.

Agenda
- Server Manager
- Windows PowerShell 3.0
- SMB 3.0
- Hyper-V
- VDI
- DirectAccess
- IIS 8.0
- IPAM
- DHCP Failover
- Active Directory Domain Service
- AD DS on Hyper-V
- Dynamic Access Control

Server Manager

Modern UI

Roles and features can be added to Server Core installations and to offline VHDs.

You can now add roles locally, remotely, on Server Core, or on offline VHDs directly from Server Manager.

PowerShell: 2300+ cmdlets, IntelliSense

Windows Server 2012 offers three installation options:
- Server Core
- Server Core + Minimal Server Interface (MinShell) (NEW)
- Server with a GUI (full GUI)

The Windows Server 2012 GUI: in earlier versions the GUI was part of the OS installation, and Server Core had well-known limitations. In Windows Server 2012, Server Core gains .NET Framework 4.5 and SQL Server 2012 support, WinRM and Windows PowerShell are enabled by default, and MinShell is new.

Server roles and features supported on Server Core (now including .NET Framework 4.5): Active Directory (AD), Active Directory Lightweight Directory Services (AD LDS), Active Directory Certificate Services (AD CS), DHCP Server, DNS Server, File Services, BITS Server, BranchCache, Hyper-V, Internet Information Services (IIS), Printing Services, Streaming Media Services, iSCSI, Load Balancing, MPIO, qWave, Telnet, Unix Migration, SQL Server 2012.

While Microsoft remains committed to GUIs, they believe the primary place GUIs should exist is on the administrator's desktop, not on the server. Server resources are much more expensive than client resources, and running GUIs on servers requires additional software components. Every component increases the security and serviceability exposure of that server, so you should only install those components that are necessary to that server's workload. Fewer things running on the server means fewer patches and more resources available to the server workload. In Windows Server 2012 they've made several investments to help administrators succeed in choosing Server Core as the primary deployment option for Windows Server. The traditional Server with a GUI is still provided as a backwards-compatibility option.

The number of server roles that run on Server Core has increased, with support for .NET Framework 4.5 included. SQL Server 2012 now installs, eliminating the most common reason administrators cited for not being able to run in the Server Core configuration. Firewall-friendly remote management (WinRM) and Windows PowerShell are now enabled and installed by default on all servers, removing any configuration needed before being able to manage the server remotely. Windows PowerShell's 2300+ cmdlets provide the command-line coverage necessary for most admin scenarios.

For the first time ever, Microsoft released a Beta version of the Remote Server Administration Tools at the same time as the Server Beta, providing a rich GUI experience to manage all servers, including Server Core, from a Windows client. Perhaps most significantly, however, they've added the ability to move between Server Core and Server with a GUI (MinShell) without the need to reinstall the server. This means administrators can safely start with their server deployed in the Server Core configuration and, if they find they need the GUI, they can add it, and also remove it as needed, using the SCONFIG CLI tool, Windows PowerShell or the Add/Remove Roles and Features Wizard. This in-between option provides many of the benefits of Server Core while still having the safety factor of being able to run GUIs should the administrator need to log into the server directly.

MinShell: GUI management tools on Server Core. Server Manager and cmd.exe start at boot; other GUI tools (and PowerShell) can be launched from there.

The minimal user experience option (MinShell) provides Server Core with GUI tools. Server Manager and cmd.exe launch by default when the server is booted, allowing other GUI tools to be loaded as desired. MinShell can be enabled through the Add Roles and Features Wizard, or with PowerShell.

MinShell: switching between installation options with PowerShell

Uninstall-WindowsFeature Server-Gui-Shell
Uninstall-WindowsFeature Server-Gui-Shell -Remove
Install-WindowsFeature Server-Gui-Mgmt-Infra
Install-WindowsFeature Server-Gui-Shell
Install-WindowsFeature Desktop-Experience

MinShell can be enabled through the Add Roles and Features Wizard of Server Manager or by using PowerShell to install the appropriate Windows features:
- Server-Gui-Mgmt-Infra: infrastructure and a minimal server interface that supports GUI management tools.
- Server-Gui-Shell: provides the full Windows graphical user interface for the server, including Windows Explorer and Internet Explorer. Uninstalling the shell reduces the servicing footprint of the installation while leaving the ability to run local GUI management tools.
- Desktop-Experience: includes features of Windows Server 2012 such as Windows Media Player, desktop themes, and photo management. Desktop Experience does not enable any of the Windows Server 2012 features; you must manually enable them.

In previous versions of Windows, even if a server role or feature was disabled, the binary files for it were still present on the disk, consuming space. In Windows Server 2012, not only can you disable a role or feature, but you can also completely remove its files, a state called "disabled with payload removed". To reinstall a role or feature that is disabled with payload removed, you must have access to an installation source, such as an installation DVD. To completely remove a role or feature, use the -Remove parameter of the Uninstall-WindowsFeature cmdlet. For example, to completely remove Windows Explorer, Internet Explorer, and dependent components, run:

Uninstall-WindowsFeature Server-Gui-Shell -Remove
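The notes above argue that every installed component widens the server's exposure. The following is an added example, not code from the seminar deck, that turns that argument into a check: it reports which of the three interface-level features the deck names are installed, derives the resulting installation option, and previews the removal of the GUI shell with -WhatIf before anything changes. It assumes Windows Server 2012 with the ServerManager module; the function name and the decision of which level to report are my own.

```powershell
# Added example (not from the seminar deck): audit the GUI footprint of a
# Windows Server 2012 machine and preview shrinking it to MinShell.
Import-Module ServerManager

# Feature names exactly as the deck lists them.
$uiFeatures = 'Server-Gui-Mgmt-Infra', 'Server-Gui-Shell', 'Desktop-Experience'

function Get-InterfaceLevel {
    # Hypothetical helper: derive the installation option from the installed UI features.
    $installed = (Get-WindowsFeature -Name $uiFeatures | Where-Object { $_.Installed }).Name
    if     ($installed -contains 'Server-Gui-Shell')      { 'Server with a GUI' }
    elseif ($installed -contains 'Server-Gui-Mgmt-Infra') { 'Minimal Server Interface (MinShell)' }
    else                                                  { 'Server Core' }
}

# Report: InstallState is Installed, Available, or Removed (payload deleted from disk).
Get-WindowsFeature -Name $uiFeatures | Format-Table Name, InstallState -AutoSize
"Current interface level: $(Get-InterfaceLevel)"

# Preview only: -WhatIf lists the features that would be uninstalled, including
# dependents such as Desktop-Experience, without touching the server.
Uninstall-WindowsFeature -Name Server-Gui-Shell -Remove -WhatIf

# Dropping -WhatIf performs the change and deletes the shell binaries (-Remove);
# reinstalling later then needs an installation source (-Source on Install-WindowsFeature).
```

Run the preview on a test server first: the -WhatIf output is the list of components that would disappear, which is exactly the list of management tools operators must then do without or run from an admin workstation via RSAT.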

Feature availability by installation option (columns: Server Core / MinShell / Server with a GUI / Desktop Experience). Row labels that did not survive extraction are marked "(label lost)".

(label lost)        Available      Available       Available       Available
Windows PowerShell  Available      Available       Available       Available
(label lost)        Not Available  Available       Available       Available
MMC                 Not Available  Available       Available       Available
(label lost)        Not Available  Not Available   Available       Available
(label lost)        Not Available  Some Available  Available       Available
Windows Explorer    Not Available  Not Available   Available       Available
(label lost)        Not Available  Not Available   Available       Available
(label lost)        Not Available  Not Available   Available       Available
Internet Explorer   Not Available  Not Available   Available       Available
(label lost)        Not Available  Not Available   Available       Available
(label lost)        Not Available  Not Available   Not Available   Available
(label lost)        Not Available  Not Available   Not Available   Available
WinRT               Not Available  Not Available   Not Available   Available
(label lost)        Not Available  Not Available   Not Available   Available

[Review the differences in feature sets between the available interfaces.]

Windows PowerShell

What is Windows PowerShell? Operating systems for PowerShell 3.0:
- Built in: Windows Server 2012, Windows 8
- Also supported: Windows 7 SP1, Windows Server 2008 SP2, Windows Server 2008 R2 SP1

PowerShell has always focused on people using computers in a business context. PowerShell needed to be consistent, safe, and productive. Much has been made of the similarities between PowerShell and UNIX, but in this regard Microsoft's ties are much closer to VMS/DCL and AS400/CL.

Consistent: Operators and developers don't have a lot of time to learn new things. A consistent experience lets them invest once in a set of skills and then use those skills over and over again. PowerShell uses a single common parser for all commands and performs common parameter validation, delivering absolute consistency in command-line syntax. PowerShell cmdlets are designed so that ubiquitous parameters provide consistent functions to all commands (e.g. -ErrorAction, -ErrorVariable, -OutVariable, etc.).

Safe: An operator once said that occasionally he was about to do something and realized that if he got it wrong, he would be fired. In PowerShell, if you ever execute a cmdlet which has a side effect on the system, you can always add -WhatIf to test what would happen if you went through with the operation. It also supports -Confirm, -Verbose and -Debug. Despite these safeguards, things can go wrong, and when they do, PowerShell spends a lot of effort to speed up the process of diagnosing and resolving the error.
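The -WhatIf and -Confirm safety net described above only covers your own scripts if they opt into it. As an added example (not code from the deck), here is an advanced function that declares SupportsShouldProcess and gates its one side effect, deleting old files, on $PSCmdlet.ShouldProcess(); the function name, default path and age threshold are my assumptions.

```powershell
# Added example (not from the seminar deck): a function that honours -WhatIf / -Confirm.
function Remove-StaleTempFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
    param(
        [string]$Path = $env:TEMP,      # assumed clean-up target
        [int]$OlderThanDays = 30        # assumed age threshold
    )
    $cutoff = (Get-Date).AddDays(-$OlderThanDays)
    Get-ChildItem -Path $Path -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -lt $cutoff } |
        ForEach-Object {
            # ShouldProcess() returns $false under -WhatIf (printing "What if: ..."),
            # prompts under -Confirm, and otherwise returns $true. The deletion runs
            # only on $true, so a dry run can never touch a file.
            if ($PSCmdlet.ShouldProcess($_.FullName, "Delete file older than $OlderThanDays days")) {
                Remove-Item -LiteralPath $_.FullName -Force
            }
            Write-Verbose "Considered $($_.FullName)"   # shown only with -Verbose
        }
}

Remove-StaleTempFile -WhatIf            # dry run: lists every candidate, deletes nothing
Remove-StaleTempFile -Confirm -Verbose  # prompts per file and traces each decision
```

ConfirmImpact 'Medium' is below the default $ConfirmPreference of High, so the function prompts only when the caller passes -Confirm; raising it to 'High' would make every call prompt unless -Confirm:$false is given, which is the right setting for operations you cannot undo.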

Productive: Every aspect of PowerShell's design maximizes the power of users (hence the name). PowerShell makes it easy to perform bulk operations across a large number of machines. PowerShell also makes it easy to have productive engagements between your operators and developers, because it allows them to speak a common language and to help each other with their scripts.

Microsoft's goal has always been to deliver a single tool which could span the needs of operators doing ad hoc operations, simple scripting, formal scripting, advanced scripting, and developers doing systems-level programming. Most importantly, they wanted to develop a tool which could be used by BOTH operators and developers to bridge the gap between the groups and allow them to create common scripts, learn from each other and work together. As you'll see, PowerShell 3.0 continues in that effort.

[Diagram: Windows script engines. PowerShell sits on the .NET Framework (CLR, class library, COM); beside it are exe/bat via cmd/command, and VBScript/JScript via the Windows Script Host (cscript.exe, wscript.exe) over COM.]

[Diagram: GUI management tools built on PowerShell: the Active Directory tools on the Active Directory module, Hyper-V Manager on the Hyper-V module, and System Center Virtual Machine Manager on PowerShell.]

PS C:\> Set-ExecutionPolicy RemoteSigned
PS C:\> Enable-PSRemoting -Force
PS C:\> notepad $profile

Set-ExecutionPolicy: the available policies are Restricted, AllSigned, RemoteSigned, Unrestricted and Bypass, and a policy can be set per scope (-Scope). Reference: http://technet.microsoft.com/ja-jp/library/dd347628.aspx

2013/7/12. © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Storage

PS C:\> Get-Command
PS C:\> Get-Command *-vm* -CommandType Cmdlet
PS C:\> Get-Command -Module Hyper-V
PS C:\> Get-Help <cmdlet-name> -Detailed
PS C:\> Get-Help Move-VM -Detailed

Unix command and its PowerShell equivalent:
ls      Get-ChildItem
cp      Copy-Item
grep    Select-String
sort    Sort-Object
man     help
clear   Clear-Host
cat     Get-Content
kill    Stop-Process
tee     Tee-Object
tail    Get-Content

Get-Alias

For IT pros: Windows PowerShell 3.0 ships ~2,430 cmdlets (Windows Server 2008/R2: 230); PowerShell ISE with IntelliSense, snippets and third-party extensibility; Show-Command; Windows Workflow Foundation integrated into PowerShell.

Easier to automate. Windows Server 2008/R2 shipped with ~230 cmdlets. Windows Server 2012 beats that by a factor of over 10, shipping ~2,430 cmdlets. You can now automate almost every aspect of the server. There are cmdlets for networking, storage, clustering, RDS, DHCP, DNS, file servers, print, SMI-S, etc.; the list goes on. Windows Server 2012 is, by far, the most automatable version of Windows ever. Microsoft wanted to significantly lower the skill level required to successfully automate a complex solution. The ultimate goal is a world where operators think about what they want, type it and get it. Every customer's needs and scenarios are different, so they need to script their own solutions. Microsoft's goal is to make it simple and easy to author scripts gluing together high-level, task-oriented abstractions. The number one factor in making it simple is cmdlet coverage. That is why having ~2,430 cmdlets makes Windows Server 2012 so much easier to automate. A number of these cmdlets are extremely effective in dealing with the messy, real-world life of datacenters. There are cmdlets to work with REST APIs and JSON objects, and even to get, parse and post web pages from management applications if required.

There are already a large number of hardware and software partners that are shipping PowerShell cmdlets, and those that haven't released them yet are working to quickly deliver them in the next versions of their products. You should definitely make sure that any product you buy delivers a full set of PowerShell cmdlets. If it doesn't, you should think twice and do some due diligence to make sure you are getting a product that is current and is still being invested in. If they didn't do PowerShell, what else are they missing? The good news is that a lot of the products will support PowerShell by the time Windows Server 2012 ships.

PowerShell 3.0 simplifies the language and utility cmdlets to reduce the steps and syntax necessary to perform an operation.

PowerShell 3.0 improves the authoring tools operators use to create scripts and author workflows. PowerShell ISE now supports rich IntelliSense, snippets, third-party extensibility and a Show-Command window, which makes it easy to find exactly the right command and parameters you need to accomplish a task.

Workflow. Microsoft integrated the Windows Workflow Foundation engine into PowerShell to make it simple and easy to automate things that take a long time, that operate at a very large scale, or that require the coordination of multiple steps across multiple machines. Traditionally Windows Workflow has been a developer-only tool requiring Visual Studio and a lot of code to create a solution. They've made it an in-the-box solution that allows administrators to create a solution using their existing PowerShell scripting skill. Workflow provides direct support for parallel execution, operation retries, and the ability to suspend and resume operations. For example, a workflow can detect a problem that requires manual intervention, notify the operator of this condition and then suspend operations until the operator corrects the situation and resumes the workflow.

You can use any of the available Workflow designers to create workflows; however, Microsoft took it a step further and simplified authoring by extending the PowerShell language with the workflow keyword. Any operator or developer can now easily author a workflow using the tools that ship in all Windows SKUs. The behaviors of a workflow are different from a function and there are a few more rules, but if you know how to write a PowerShell function, you are 80% of the way to being able to write a workflow. Authoring workflows using PowerShell is much easier than working with XAML and, for many of us, easier to understand than the Workflow designer tools. You also get the benefit of being able to paste them into email and have someone read or review them without having to install special tools.

Scheduled jobs. Microsoft seamlessly integrated PowerShell and Task Scheduler to make it simple and easy to automate operations that either occur on a regular schedule or in response to an event occurring. For example, let's say you have a workflow which is meant to run forever. It collects configuration information (disk info) and then suspends itself. The workflow is started and given a well-known name, CONFIG. You can resume the workflow using Task Scheduler by registering a Scheduled Job to run at a specific time each week and after every system startup. When a configured trigger occurs, the scheduled job runs and resumes the workflow using its well-known name. The workflow then collects the configuration information, putting it into a new file, and suspends itself again.


Robust networking. In previous releases, PowerShell shipped with remoting disabled by default and required operators to go to each machine and issue the Enable-PSRemoting cmdlet in order to remotely manage it. As a Cloud OS, remote management of servers via PowerShell is now the mainstream scenario, so we've reduced the steps required and enabled PowerShell remoting by default in all server configurations. We did extensive security analysis and testing to ensure that this was safe. WS-MAN is Microsoft's primary management protocol, while COM and DCOM are kept for backwards compatibility. WS-MAN is a Web Services protocol using HTTP and HTTPS. While these are effectively REST protocols, PowerShell establishes a session layer on top of them to reuse a remote process for performance and to take advantage of session state. These sessions were robust in the face of modest network interruptions but would occasionally break when operators managed servers from their laptops over Wi-Fi networks while roaming between buildings. The session layer of WS-MAN has been enhanced: by default, it will survive network interruptions of up to 3 minutes. Disconnected Sessions support was added to PowerShell sessions, which gives users the option to disconnect from an active remote session and later reconnect to the same session without losing state or being forced to terminate task execution. You can even connect to the session from a different computer (just like a remote desktop session).

Lets take a closer look at a few of these new features.

Show-Command cmdlet

#The new Show-Command cmdlet lets beginners run cmdlets from a dialog box. Running Show-Command without parameters displays a list of available cmdlets. Like Get-Command, it lists all cmdlets, functions, aliases, and scripts installed on the system.

At the Windows PowerShell command prompt, type Show-Command, and then press ENTER.

You can filter by Module and use the Name box to search.

In the example we are searching through all modules for any name containing "Item". When you click on a command, in this case Get-Item, it provides a dialog box in which to specify the parameters.

Disconnected sessions: a PowerShell session on the target can be disconnected (State=Disconnected, Availability=None) with Disconnect-PSSession and later reconnected, even from a different PC, with Connect-PSSession.

On PC1:
PS > $S = New-PSSession -ComputerName Target1
PS > $Result = Invoke-Command -Session $S {Get-Service}
PS > Disconnect-PSSession -Session $S

 Id Name       ComputerName State        ConfigurationName    Availability
 -- ----       ------------ -----        -----------------    ------------
121 Session121 Target1      Disconnected Microsoft.PowerShell None

On PC2:
PS > Get-PSSession -ComputerName Target1

 Id Name       ComputerName State        ConfigurationName    Availability
 -- ----       ------------ -----        -----------------    ------------
 10 Session112 tfdc01       Disconnected Microsoft.PowerShell Busy
 12 Session121 tfdc01       Disconnected Microsoft.PowerShell None

PS > $S = Get-PSSession -Name Session121 -ComputerName Target1
PS > Connect-PSSession -Session $S

PowerShell 3.0 Workflow (WF)

[Diagram: a workflow with steps 1 and 2 and checkpoints 1 to 3.]

Authoring a workflow in the PowerShell ISE: workflow <name> ( <parameters> ) { <body> }

workflow MyWorkflow ( [String] $ServiceName ) {
    Get-Service -PSComputerName $PSComputerName -Name $ServiceName
}

Running MyWorkflow:
PS C:\> MyWorkflow -PSComputerName 127.0.0.1 -ServiceName wuauserv

Running a workflow on a remote server (DC01), where its job moves Running -> Suspended -> Running:

$S = New-PSWorkflowSession -ComputerName DC01
Invoke-Command -Session $S -FilePath .\CreateNewUser.ps1
Invoke-Command -Session $S {Get-Command -CommandType Workflow}
Invoke-Command -Session $S {CreateUser -PSPersist $true -ErrorAction SilentlyContinue -AsJob}

Later, from the same or another PC, reconnect to DC01 and resume the job by its ID:

$S = New-PSWorkflowSession -ComputerName DC01
Invoke-Command -Session $S { Get-Job }
Invoke-Command -Session $S { Resume-Job 3 }
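The CONFIG scenario in the "Scheduled jobs" notes and the checkpoint/suspend/resume slide above describe one procedure. The following added example (not code from the deck) writes it out end to end: a workflow that snapshots disk configuration, checkpoints, suspends itself, and is resumed by a scheduled job at every startup and weekly. The workflow name, job name CONFIG (taken from the notes), output folder and trigger times are my assumptions; Get-Volume requires Windows Server 2012 or Windows 8.

```powershell
# Added example (not from the seminar deck): a suspend/resume workflow driven by a scheduled job.
workflow Save-DiskConfig {
    param([string]$OutputFolder = 'C:\ConfigSnapshots')   # assumed location

    # InlineScript runs ordinary PowerShell; workflow variables are reached with $using:.
    InlineScript {
        if (-not (Test-Path -Path $using:OutputFolder)) {
            New-Item -ItemType Directory -Path $using:OutputFolder | Out-Null
        }
    }

    # "Runs forever": each pass writes one snapshot file, persists state, then parks the job.
    while ($true) {
        InlineScript {
            $file = Join-Path $using:OutputFolder ("disk-{0:yyyyMMdd-HHmmss}.csv" -f (Get-Date))
            Get-Volume | Select-Object DriveLetter, FileSystemLabel, FileSystem, Size, SizeRemaining |
                Export-Csv -Path $file -NoTypeInformation
        }
        Checkpoint-Workflow   # persist progress so a crash or reboot resumes here, not from the top
        Suspend-Workflow      # job enters the Suspended state until something resumes it
    }
}

# Start it as a named job: the first snapshot is written, then the job suspends.
Save-DiskConfig -AsJob -JobName CONFIG | Out-Null
Get-Job -Name CONFIG | Format-Table Name, State, PSJobTypeName -AutoSize

# Scheduled job that resumes CONFIG after every startup and once a week. It runs in its
# own session, so it loads PSWorkflow first to see the persisted workflow jobs.
$triggers = (New-JobTrigger -AtStartup), (New-JobTrigger -Weekly -DaysOfWeek Monday -At '02:00')
Register-ScheduledJob -Name ResumeConfigSnapshot -Trigger $triggers -ScriptBlock {
    Import-Module PSWorkflow
    Resume-Job -Name CONFIG -Wait
} | Out-Null

# Manual resume for testing: another snapshot is written and the job suspends again.
Resume-Job -Name CONFIG -Wait | Out-Null
Get-Job -Name CONFIG | Select-Object State
```

Because the state is checkpointed before the suspend, the job survives a reboot of the machine that runs it; the scheduled job's -AtStartup trigger is what picks it up again afterwards. The scheduled job runs under the account that registered it, which must be the same account that started the workflow job, since persisted workflow jobs are stored per user.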

Windows PowerShell Web Access (PSWA)

[Diagram: a PC or home device on the Internet reaches the PSWA gateway server in the DMZ; the gateway opens a WS-Man PowerShell session to servers on the intranet.]

PowerShell Web Access setup:
1.-2. (step text lost in extraction; surviving keywords: IIS, SSL)
3. PowerShell (step text lost in extraction)
4. Run the following:
PS C:\> Set-ExecutionPolicy RemoteSigned
PS C:\> Import-Module PowerShellWebAccess
PS C:\> Install-PswaWebApplication -WebSiteName "Default Web Site"
PS C:\> Add-PswaAuthorizationRule * * *
5. Browse to https://<gateway server>/pswa
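Step 4's rule `Add-PswaAuthorizationRule * * *` lets every user reach every computer through every session configuration, which is convenient for a lab and far too broad for a gateway exposed to the Internet. As an added example (not code from the deck), here is the same installation followed by a rule scoped to one group, one target host and one endpoint, plus the cmdlets to audit and dry-run the rule set; the group, host and rule names are assumed values.

```powershell
# Added example (not from the seminar deck): install PSWA and grant least-privilege access.
Import-Module PowerShellWebAccess

# Gateway web application under the default IIS site. -UseTestCertificate is for a lab only;
# a production gateway gets a CA-issued certificate bound to the site in IIS instead.
Install-PswaWebApplication -WebSiteName 'Default Web Site' -UseTestCertificate

# Scoped rule: only members of the named group, only to one server, only through the named
# session configuration (which can itself be a constrained endpoint on that server).
Add-PswaAuthorizationRule -RuleName 'SrvOps-to-FS01' `
    -UserGroupName 'CONTOSO\PSWA-ServerOps' `
    -ComputerName 'fs01.contoso.com' `
    -ConfigurationName 'Microsoft.PowerShell'

# Audit the rules in force, then check a concrete user/computer/endpoint combination
# without logging in; an empty result means that combination would be refused.
Get-PswaAuthorizationRule
Test-PswaAuthorizationRule -UserName 'CONTOSO\alice' `
    -ComputerName 'fs01.contoso.com' -ConfigurationName 'Microsoft.PowerShell'
```

Test-PswaAuthorizationRule is the check to run whenever a rule is changed: it evaluates the rule set exactly as the gateway would, so a wildcard that slipped back in shows up as an unexpected match for a user who should have been denied.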

Delegated credentials (RunAsUser) on the WinRM workflow endpoint

$Cred = Get-Credential -Credential contoso\administrator
Set-Item WSMan:\localhost\Plugin\Microsoft.Powershell.Workflow\RunAsUser -Value $Cred
Restart-Service WinRM
Get-ChildItem WSMan:\localhost\Plugin\Microsoft.Powershell.Workflow

Delegated permissions allow the use of alternate credentials during a workflow.

1. Type the following command, and then press ENTER:
   $Cred = Get-Credential -Credential contoso\administrator
   When prompted for a password, type Passw0rd!, and then click OK.
2. Type the following command, and then press ENTER:
   Set-Item WSMan:\localhost\Plugin\Microsoft.Powershell.Workflow\RunAsUser -Value $Cred
   To set the RunAsUser property, use the Set-Item cmdlet with the $Cred variable as the value of the -Value parameter. The RunAsPassword value is configured automatically from the PSCredential object.
3. To make the change effective, type the following command, and then press ENTER:
   Restart-Service WinRM
   The Restart-Service cmdlet restarts the WinRM service.
4. To see the effect of the change, type the following command, and then press ENTER:
   Get-ChildItem WSMan:\localhost\Plugin\Microsoft.Powershell.Workflow
   Get-ChildItem shows the properties of the Microsoft.PowerShell.Workflow session configuration. All commands invoked in the Microsoft.PowerShell.Workflow endpoint will now run using the administrator credentials.
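The procedure above makes everything that reaches the shared Microsoft.PowerShell.Workflow endpoint run as the domain administrator. As an added example (not code from the deck), the alternative below keeps the RunAs idea but confines it: a separate endpoint that runs as a dedicated service account and exposes only two cmdlets, so delegated operators can restart services without holding administrator rights on the server. The endpoint name, service account, visible cmdlets and file path are my assumptions; the cmdlets and parameters are PowerShell 3.0 features.

```powershell
# Added example (not from the seminar deck): a constrained RunAs endpoint instead of
# granting the shared workflow endpoint administrator credentials.
$runAs = Get-Credential -Credential 'contoso\svc-serviceops'   # assumed least-privilege account

# Session configuration file: restricted session type, NoLanguage, and only the listed
# cmdlets visible, so connecting users cannot run arbitrary script as the RunAs account.
$pssc = Join-Path $env:TEMP 'ServiceOps.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -LanguageMode NoLanguage `
    -VisibleCmdlets 'Get-Service', 'Restart-Service' `
    -Description 'Delegated service restart endpoint (example)'

# Register the endpoint. -RunAsCredential makes every command run as the service account,
# whoever connects; -Force suppresses the prompts and restarts WinRM for us.
Register-PSSessionConfiguration -Name 'Contoso.ServiceOps' -Path $pssc `
    -RunAsCredential $runAs -Force | Out-Null

# Restrict who may connect: the security descriptor dialog is where the operator group
# gets Invoke permission and everyone else is left out.
Set-PSSessionConfiguration -Name 'Contoso.ServiceOps' -ShowSecurityDescriptorUI -Force

# Audit view: RunAsUser and Permission are the two properties to review on any endpoint.
Get-PSSessionConfiguration -Name 'Contoso.ServiceOps' | Format-List Name, RunAsUser, Permission

# Operators then use: Enter-PSSession -ComputerName <server> -ConfigurationName Contoso.ServiceOps
```

The same Get-PSSessionConfiguration listing, run without -Name, is a quick inventory of every endpoint on a server; any entry whose RunAsUser is a privileged account and whose Permission includes a broad group is the combination the procedure above creates and the one worth reviewing first.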

Snippets in the ISE

Menu: [Edit] - [Start Snippets]; cmdlets: New-ISESnippet, Get-ISESnippet

PowerShell 3.0 has support for built-in snippets and for those that you create using the New-IseSnippet command. The snippets persist across ISE sessions.

IntelliSense

IntelliSense complements tab completion in the Windows PowerShell Integrated Scripting Environment (ISE). While tab completion allows you to cycle through the options, IntelliSense displays a drop-down list of context-sensitive options.

IntelliSense automatically displays a list of options when you type any of the following:
- (dash) after a verb, as in Get-, or before a parameter name, as in Get-Process -
. (period) after an object, as in $host.
:: (double colon) after a type, as in [int]::
\ (backslash) for providers, as in C:\
(space) after parameters

SMB 3.0

Why SMB Multichannel?
- Increased throughput. The file server can simultaneously transmit more data using multiple connections for high-speed network adapters or multiple network adapters.
- Network fault tolerance. When using multiple network connections at the same time, the clients can continue to work uninterrupted despite the loss of a network connection.
- Automatic configuration. SMB Multichannel automatically discovers the existence of multiple available network paths and dynamically adds connections as required. Administrative effort is reduced.

[Diagram: NIC Teaming versus SMB 3.0 Multichannel. NIC Teaming: up to 32 NICs per team, performed by the OS, static or LACP. SMB 3.0 Multichannel with RSS: 4 TCP/IP connections per NIC, up to 32 connections per SMB session. RSS (Receive-side scaling) spreads a NIC's connections across CPU cores; RDMA (Remote Direct Memory Access) NICs move data without the CPU; SMB Multichannel and RSS sit above NIC Teaming and the switch.]

SMB 3.0 (slide text mostly lost in extraction; surviving keywords per slide):
- SMB: CSV v2, Windows Server 2012
- SMB I/O
- SMB over RDMA lowers CPU use; Hyper-V, SQL Server
- I/O, IOPS; SQL Server and Hyper-V over SMB
- SMB3 with SQL Server (OLTP); I/O size; SMB MTU (1 MB SMB)
- PowerShell: Windows PowerShell cmdlets for SMB
- Hyper-V VHDs on SMB 3.0 shares; SQL Server 2008 R2 on SMB
- SMB 3.0 Multichannel (Windows Server 2012 / Windows 8): one session, multiple connections; RSS (Receive Side Scaling); multiple NICs; RDMA (Remote Direct Memory Access); managed with Windows PowerShell

Requirements. SMB Multichannel requires the following:
- At least two computers running Windows Server 2012 or Windows 8.
- At least one of the configurations below:
  - Multiple network adapters
  - One or more network adapters that support RSS (Receive Side Scaling)
  - One or more network adapters configured with NIC Teaming
  - One or more network adapters that support RDMA (Remote Direct Memory Access)

Sample configurations that do not use SMB Multichannel:
- A single non-RSS-capable network adapter. This configuration would not benefit from multiple network connections, so SMB Multichannel is not used.
- Network adapters of different speeds. SMB Multichannel will choose to use the faster network adapter. Only network interfaces of the same type (RDMA, RSS or none) and speed will be used simultaneously by SMB Multichannel, so the slower adapter will be idle.

Installation. SMB Multichannel is enabled by default. There is no need to install components, roles, role services or features. The SMB client will automatically detect and use multiple network connections if a proper configuration is identified.

[Diagram: single NIC. Without Multichannel, one SMB session uses one TCP/IP connection bound to one CPU core; with an RSS-capable NIC and Multichannel, one session uses 4 TCP/IP connections spread across cores.]

This typical configuration involves an SMB client and SMB server configured with a single 10GbE NIC. Without SMB Multichannel, if there is only one SMB session established, SMB uses a single TCP/IP connection, which naturally gets affinitized with a single CPU core. If lots of small I/Os are performed, it's possible for that core to become a performance bottleneck. Most NICs today offer a capability called Receive Side Scaling (RSS), which allows multiple connections to be spread across multiple CPU cores automatically. However, when using a single connection, RSS cannot help. With SMB Multichannel, if the NIC is RSS-capable, SMB will create multiple TCP/IP connections for that single session, avoiding a potential bottleneck on a single CPU core when lots of small I/Os are required.

[Diagram: multiple NICs. Without Multichannel, one session uses one of the NICs; with Multichannel, one session uses all NICs, with 4 connections per RSS-capable NIC, up to 32 connections.]

When using multiple NICs without SMB Multichannel, if there is only one SMB session established, SMB creates a single TCP/IP connection using only one of the many NICs available. In this case, not only is it not possible to aggregate the bandwidth of the multiple NICs (to achieve 2Gbps when using two 1GbE NICs, for instance), but there is a potential for failure if the specific NIC chosen is somehow disconnected or disabled. With Multichannel, SMB will create multiple TCP/IP connections for that single session (at least one per interface, or more if they are RSS-capable). This allows SMB to use the combined NIC bandwidth available and makes it possible for the SMB client to continue to work uninterrupted if a NIC fails.

[Diagram: RDMA NICs. Without Multichannel, one session uses one TCP/IP connection over one RDMA NIC; with Multichannel (SMB over RDMA), one session uses 2 RDMA connections per NIC across all RDMA NICs.]

SMB Multichannel is the feature responsible for detecting the RDMA capabilities of NICs to enable the SMB Direct feature (SMB over RDMA). Without SMB Multichannel, SMB will use regular TCP/IP with these RDMA-capable NICs (they all provide a TCP/IP stack side by side with the new RDMA stack). With SMB Multichannel, SMB will detect the RDMA capability and create multiple RDMA connections for that single session (two per interface). This allows SMB to use the high throughput, low latency and low CPU utilization offered by these RDMA NICs. It will also offer fault tolerance if you're using multiple RDMA interfaces.

[Diagram: NIC Teaming. Without Multichannel, one session uses one TCP/IP connection per team; with Multichannel, one session uses multiple connections over the team, with RSS on each NIC.]

Windows Server 2012 supports the ability to combine multiple NICs into one using a new feature commonly referred to as NIC Teaming. Although a team always provides fault tolerance, SMB without Multichannel will create only one TCP/IP connection per team, leading to limitations in both the number of CPU cores engaged and the use of the full team bandwidth. SMB Multichannel will create multiple TCP/IP connections, allowing for better balancing across CPU cores with a single SMB session and better use of the available bandwidth. NIC Teaming will continue to offer the failover capability, which will work faster than using SMB Multichannel by itself. NIC Teaming is also recommended because it offers failover capabilities to other workloads that do not rely on SMB and therefore cannot benefit from the failover capabilities of SMB Multichannel.

[Table: capabilities when combining SMB Multichannel, RDMA (SMB Direct) and NIC Teaming, covering throughput, failover for SMB and non-SMB workloads, CPU use, RSS and RDMA; cell contents lost in extraction.]

Here's a table summarizing the different capabilities available when combining SMB Multichannel, RDMA (SMB Direct) and NIC Teaming. For non-RDMA NICs, your best bet is combining NIC Teaming with SMB Multichannel. This will give you the best throughput, plus fault tolerance for applications using SMB and other protocols. When using RDMA NICs, Load Balancing and Failover with NIC Teaming is not a good option, since it disables the RDMA capability of the NIC.

[Slide: connections per NIC type: RSS-capable NIC, 4 TCP/IP connections; RDMA-capable NIC, 2 RDMA connections; other NIC, 1 TCP/IP connection. Client to server: 1 session, up to 32 connections. Microsoft recommends keeping the default settings, but the parameters can be modified.]

SMB Multichannel will use a different number of connections depending on the type of interface:
- For RSS-capable interfaces, 4 TCP/IP connections per interface are used.
- For RDMA-capable interfaces, 2 RDMA connections per interface are used.
- For all other interfaces, 1 TCP/IP connection per interface is used.

There is also a limit of 8 connections total per client/server pair, which will limit the number of connections per interface. For instance, if you have 3 RSS-capable interfaces, you will end up with 3 connections on the first, 3 connections on the second and 2 connections on the third interface. Microsoft recommends that you keep the default settings for SMB Multichannel. However, those parameters can be adjusted.

SMB Multichannel: disabling and re-enabling

Disable on the SMB server and on the SMB client:
Set-SmbServerConfiguration -EnableMultiChannel $false
Set-SmbClientConfiguration -EnableMultiChannel $false

Re-enable on the SMB server and on the SMB client:
Set-SmbServerConfiguration -EnableMultiChannel $true
Set-SmbClientConfiguration -EnableMultiChannel $true

Disabling. SMB Multichannel is enabled by default and there is typically no need to disable it. However, if you want to disable SMB Multichannel (for testing purposes, for instance), you can use PowerShell. On the SMB server side: Set-SmbServerConfiguration -EnableMultiChannel $false. On the SMB client side: Set-SmbClientConfiguration -EnableMultiChannel $false. Disabling the feature on either the client or the server prevents its use.

Re-enabling. You can re-enable SMB Multichannel after you disabled it. On the SMB server side: Set-SmbServerConfiguration -EnableMultiChannel $true. On the SMB client side: Set-SmbClientConfiguration -EnableMultiChannel $true. You need to enable the feature on both the client and the server to start using it again.

SMB Multichannel: connection-count settings

Set-SmbClientConfiguration -MaximumConnectionCountPerServer <count>
Set-SmbClientConfiguration -ConnectionCountPerRssNetworkInterface <count>
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" `
    -Name ConnectionCountPerRdmaNetworkInterface -Type DWORD -Value <count> -Force
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" `
    -Name ConnectionCountPerNetworkInterface -Type DWORD -Value <count> -Force

Total connections per client/server pair. You can configure the maximum total number of connections per client/server pair using the PowerShell cmdlet: Set-SmbClientConfiguration -MaximumConnectionCountPerServer <count>

Connections per RSS-capable NIC. You can configure the number of SMB Multichannel connections per RSS-capable network interface using the PowerShell cmdlet: Set-SmbClientConfiguration -ConnectionCountPerRssNetworkInterface <count>

Connections per RDMA-capable NIC. It is even less likely that you'll need to adjust the number of connections per RDMA-capable interface. That can be configured via a registry key using PowerShell: Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name ConnectionCountPerRdmaNetworkInterface -Type DWORD -Value <count> -Force

Connections for other types of NIC. For NICs that are not RSS-capable or RDMA-capable, there is likely no benefit in using multiple connections. In fact, this will likely reduce your performance. However, for troubleshooting purposes, there is also a registry key to change the default setting of 1 connection per interface. That can be configured via a registry key using PowerShell: Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name ConnectionCountPerNetworkInterface -Type DWORD -Value <count> -Force

52SMB 1. 2. SMB SMB :

SMB :
Get-NetAdapter
Get-NetAdapterRSS
Get-NetAdapterRDMA
Get-SmbClientConfiguration | Select EnableMultichannel
Get-SmbClientNetworkInterface
Get-SmbServerConfiguration | Select EnableMultichannel
Get-SmbServerNetworkInterface
3. SMB
Get-SmbConnection
Get-SmbMultichannelConnection
Get-SmbMultichannelConnection -IncludeNotSelected
#You can use PowerShell to verify you are using SMB Multichannel.
Step 1: Verify network adapter configuration
Use the following PowerShell cmdlets to verify you have multiple NICs and/or to verify the RSS and RDMA capabilities of the NICs. Run on both the SMB server and the SMB client.
Get-NetAdapter
Get-NetAdapterRSS
Get-NetAdapterRDMA
Step 2: Verify SMB configuration
Use the following PowerShell cmdlets to make sure SMB Multichannel is enabled, confirm the NICs are being properly recognized by SMB and that their RSS and RDMA capabilities are being properly identified.
On the SMB client, run the following PowerShell cmdlets:
Get-SmbClientConfiguration | Select EnableMultichannel
Get-SmbClientNetworkInterface
On the SMB server, run the following PowerShell cmdlets:
Get-SmbServerConfiguration | Select EnableMultichannel
Get-SmbServerNetworkInterface
Step 3: Verify the SMB connection
On the SMB client, start a long-running file copy to create a lasting session with the SMB Server. While the copy is ongoing, open a PowerShell window and run the following cmdlets to verify the connection is using the right version of SMB and that SMB Multichannel is working:
Get-SmbConnection
Get-SmbMultichannelConnection
Get-SmbMultichannelConnection -IncludeNotSelected

53 SMB Multichannel event log: [Applications and Services Logs] [Microsoft] [Windows] [SMB Client] [Operational], Event ID 30700-30705

PowerShell SMB

Get-WinEvent -LogName Microsoft-Windows-SMBClient/Operational | ? { $_.Id -ge 30700 -and $_.Id -le 30705 }
Get-WinEvent -LogName Microsoft-Windows-SMBClient/Operational | ? { $_.Id -ge 30700 -and $_.Id -le 30705 -and $_.Level -eq 2 }
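As an added example (not code from the deck), one PowerShell function that combines the step 3 session checks with the 30700-30705 event query from the SMB Client operational log, so a single call reports whether a given server connection is actually running multichannel. The function names, the 24-hour event window and the verdict strings are assumptions chosen here.

```powershell
# Added example, not code from the original deck. Runs the verification
# steps described above against one server and summarises error-level
# SMB Client log events 30700-30705. Assumptions (chosen here): run on
# the SMB client as an administrator while a session to $ServerName is
# open (for example a long-running file copy).
function Test-SmbMultichannelHealth {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ServerName,
        [int] $EventHours = 24
    )

    $clientCfg = Get-SmbClientConfiguration
    $report = [ordered]@{
        ServerName           = $ServerName
        ClientMultichannelOn = $clientCfg.EnableMultiChannel
        Dialect              = $null
        ChannelsInUse        = 0
        UnselectedPairs      = 0
        RecentErrors         = 0
        Verdict              = 'Unknown'
    }

    # Step 3: there must be a live SMB session to inspect.
    $conn = @(Get-SmbConnection -ServerName $ServerName -ErrorAction SilentlyContinue)
    if ($conn.Count -eq 0) {
        $report.Verdict = 'NoSession'   # start a file copy to the server and re-run
        return [pscustomobject]$report
    }
    $report.Dialect = $conn[0].Dialect

    # Channels SMB selected versus interface pairs it saw but did not pick
    # (-IncludeNotSelected lists the rejected pairs with their RSS/RDMA flags).
    $pairs = @(Get-SmbMultichannelConnection -ServerName $ServerName `
               -IncludeNotSelected -ErrorAction SilentlyContinue)
    $selected = @($pairs | Where-Object { $_.Selected })
    $report.ChannelsInUse   = [int](($selected | Measure-Object -Property CurrentChannels -Sum).Sum)
    $report.UnselectedPairs = @($pairs | Where-Object { -not $_.Selected }).Count

    # Error-level (Level 2) multichannel events from the client operational log,
    # the same filter the slide applies with Where-Object, expressed as a hashtable.
    $filter = @{
        LogName   = 'Microsoft-Windows-SMBClient/Operational'
        Id        = 30700..30705
        Level     = 2
        StartTime = (Get-Date).AddHours(-$EventHours)
    }
    $report.RecentErrors = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue).Count

    $report.Verdict = Get-SmbMultichannelVerdict -MultichannelOn $report.ClientMultichannelOn `
        -Dialect $report.Dialect -ChannelsInUse $report.ChannelsInUse
    [pscustomobject]$report
}

# Decision logic kept separate from the SMB queries so it can be exercised
# with hand-made values (for example Dialect '2.10', ChannelsInUse 1).
function Get-SmbMultichannelVerdict {
    param([bool] $MultichannelOn, [string] $Dialect, [int] $ChannelsInUse)
    if (-not $MultichannelOn)                 { return 'DisabledOnClient' }
    if ([version]$Dialect -lt [version]'3.0') { return 'DialectTooOld' }   # multichannel needs SMB 3.0
    if ($ChannelsInUse -gt 1)                 { return 'Multichannel' }
    return 'SingleChannel'   # SMB 3.0 but one path: check RSS/RDMA flags and UnselectedPairs
}
```

A 'SingleChannel' verdict with UnselectedPairs greater than zero points at the interface capabilities (step 1 and step 2) rather than at the SMB configuration.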

#SMB Multichannel events are recorded in the SMB Client log. You can look at this log using the Event Viewer or query it using PowerShell. Here's how to do it:
Option 1: Using Event Viewer
To view the SMB Multichannel events using Event Viewer, use the following steps on the SMB Client:
Open Server Manager
In Server Manager, click on Tools, then Event Viewer
In Event Viewer, expand the tree on the left to show Applications and Service Logs, Microsoft, Windows, SMB Client, Operational
Click on Filter Current Log on the Actions pane on the right and enter 30700-30705 on the filter for Event IDs.
To view only errors: Click on Filter Current Log on the Actions pane on the right and click on the checkbox labeled Errors.
Option 2: Using PowerShell
To view the SMB Multichannel events using PowerShell, use the following cmdlet on the SMB Client:
Get-WinEvent -LogName Microsoft-Windows-SMBClient/Operational | ? { $_.Id -ge 30700 -and $_.Id -le 30705 }
To list only errors, use the following cmdlet:
Get-WinEvent -LogName Microsoft-Windows-SMBClient/Operational | ? { $_.Id -ge 30700 -and $_.Id -le 30705 -and $_.Level -eq 2 }
54#55Windows Server 2012 #Windows Server 2012 Windows Windows

(CSV)

56?SSD1Active Directory ACL3# 1 ()

Active Directory Windows

: : 2 3 : 2 1 3 2 2 3 () 1 1 " "

57?

Windows PowerShell# 1 1

2 3 ( 63 )2 1 1 3 1 Windows

58SATASupportedSCSISupportediSCSISupportedSupportedSASSupportedSupportedUSBSupportedWindows Server 2012 1 2 3 3 10 GB #

Windows Server 2012 1 2 3 3 10 GB SATA: Serial Advanced Technology Attachment ( )SCSI: Small Computer System Interface ( )iSCSI: Internet Small Computer System InterfaceSAS: Serial Attached SCSIUSB: ( )

11601450TB112814

59 /MPIOClassPnP Volsnap.sysI/O

JBODSpaceport.sys

#The presentation of LUNs as disks to the operating system is a function of the storage stack.As an example, suppose a drive array (e.g. Just a Bunch of Drives (JBOD)) is connected to Windows Server 2012 and four 100 Gigabyte LUNs are presented. The Windows storage stack along with the requisite third party drivers to support connectivity to the storage solution allows for proper detection of the drives. Opening the Disk Management interface, the four disks are brought online and initialized. No partitioning is required for the disks. If any disk is partitioned, Storage Spaces will not use it. Opening Device Manager and expanding Disk Drives, the four disks are verified as being properly registered with the operating system.To this point, we have only relied on part of the storage stack. If the attached storage meets the requirements for Storage Spaces, the Primordial Pool will be populated in the File and Storage Services interface.

60

#VHD(X)

# 2 3 50 66% 13 33% #[Review the types of data redundancy available for Storage Spaces and the pros/cons of each]

63

Source: IDC Worldwide File-Based Storage 2011-2015 Forecast: Foundation Solutions for Content Delivery, Archiving and Big Data, doc #231910, December 2011
Data Deduplication 1 NTFS Windows Server 2012
#64 Deduplication: File1 Metadata Data A B C M N / File2 Metadata Data A B C X Y / Deduplicate Filter / File1 Metadata A B C M N / File2 Metadata X Y / 32 128kb System Volume Information Store ----
#65 Deduplication Source: Sample File Server Production data (12 Servers, 7TB)
#Deduplication : 20-35MB/s 1 100GB/h VHD copy (0.7-1.5x) VHD update (1.3x)

No impact Read/Write Access:
#Tech Ready 15 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 7/12/2013
67 Deduplication Boot, System, FAT, ReFS, CSV 32Kb Deduplication Hyper-V VHD VDI VHD WSUS SQL Server Exchange Server 1TB VHD SQL Server Exchange Server
#
68 Windows PowerShell SMAPI (Storage Management API) PowerShell
PS C:\> Get-Command *storage*
CommandType Name ModuleName
----------- ---- ----------
Function Get-StorageJob Storage
Function Get-StoragePool Storage
Function Get-StorageProvider Storage
Function Get-StorageReliabilityCounter Storage
Function Get-StorageSetting Storage
Function Get-StorageSubSystem Storage
Function New-StoragePool Storage
Function New-StorageSubsystemVirtualDisk Storage
Function Remove-StoragePool Storage
Function Reset-StorageReliabilityCounter Storage
Function Set-StoragePool Storage
Function Set-StorageSetting Storage
Function Set-StorageSubSystem Storage
Function Update-HostStorageCache Storage
Function Update-StorageProviderCache Storage
Cmdlet Add-VMStoragePath Hyper-V
Cmdlet Get-VMStoragePath Hyper-V
Cmdlet Move-VMStorage Hyper-V
Cmdlet Remove-VMStoragePath Hyper-V
#All provisioning and management of storage can be done using PowerShell. Although the new Server Manager user interface in Windows Server 2012 provides a very convenient and intuitive workflow to provision and manage storage, interaction with PowerShell is required to access many of the advanced features afforded by the new Storage Management application programming interface. For example, you can easily create a virtual disk in the user interface; however, the wizard only allows setting the following parameters:
Underlying storage pool name
Virtual disk name
Resiliency setting (Simple, Mirror, or Parity)
Provisioning type (Thin or Fixed)
Virtual disk size
In contrast, when creating a virtual disk via PowerShell, you can specify additional parameters to tune both resiliency and performance:
Number of columns: the number of columns the virtual disk contains
Number of data copies: number of complete copies of data that can be maintained
Disk interleave: number of bytes forming a stripe
Physical disks to use: specific disks to use in the virtual disk
69#70ActivePassiveActiveActive#2 IW SQL ServerHyper-V SAN LUN #IW
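As an added example (not code from the deck or from the Storage module's documentation), a PowerShell script that creates a pool and a mirrored virtual disk while setting the four parameters the wizard does not expose. The names Pool01 and Data01, the helper that works out the minimum disk count, and the 256 KB interleave default are assumptions chosen here.

```powershell
# Added example, not code from the deck. Creates a pool and a mirror space
# with explicit columns, data copies, interleave and disk list, i.e. the
# New-VirtualDisk parameters the Server Manager wizard does not offer.
# Placeholder names "Pool01" and "Data01" are assumptions chosen here.

# Capacity and fault-tolerance arithmetic for a mirror space: usable
# capacity is 1/copies of raw, and the space survives (copies - 1) disk losses.
function Get-MirrorLayoutInfo {
    param(
        [ValidateRange(2, 3)] [int] $DataCopies = 2,
        [ValidateRange(1, 8)] [int] $Columns = 1
    )
    # Each copy needs $Columns disks; a three-way mirror additionally needs
    # at least five physical disks in the pool.
    $floor    = if ($DataCopies -eq 3) { 5 } else { 2 }
    $minDisks = [Math]::Max($Columns * $DataCopies, $floor)
    [pscustomobject]@{
        DataCopies            = $DataCopies
        Columns               = $Columns
        MinimumDisks          = $minDisks
        UsableCapacityPercent = [Math]::Round(100 / $DataCopies)   # 50 for 2 copies, 33 for 3
        ToleratedDiskFailures = $DataCopies - 1
    }
}

function New-TunedMirrorSpace {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string] $PoolName = 'Pool01',
        [string] $DiskName = 'Data01',
        [ValidateRange(2, 3)] [int] $DataCopies = 2,
        [ValidateRange(1, 8)] [int] $Columns = 2,
        [uint64] $Interleave = 256KB      # bytes per stripe unit; 256 KB is the Storage Spaces default
    )
    $layout = Get-MirrorLayoutInfo -DataCopies $DataCopies -Columns $Columns

    # Storage Spaces will not use a partitioned disk, so only CanPool disks qualify.
    $candidates = @(Get-PhysicalDisk -CanPool $true)
    if ($candidates.Count -lt $layout.MinimumDisks) {
        throw "Need $($layout.MinimumDisks) poolable disks for $DataCopies copies x $Columns columns, found $($candidates.Count)."
    }

    $subsystem = Get-StorageSubSystem |
        Where-Object { $_.FriendlyName -like 'Storage Spaces*' } |
        Select-Object -First 1

    if ($PSCmdlet.ShouldProcess($PoolName, 'Create storage pool')) {
        New-StoragePool -FriendlyName $PoolName `
            -StorageSubSystemUniqueId $subsystem.UniqueId `
            -PhysicalDisks $candidates | Out-Null
    }

    # Pin the space to an explicit disk list (the wizard chooses disks for you).
    $disks = $candidates | Select-Object -First $layout.MinimumDisks
    if ($PSCmdlet.ShouldProcess($DiskName, 'Create mirrored virtual disk')) {
        New-VirtualDisk -StoragePoolFriendlyName $PoolName -FriendlyName $DiskName `
            -ResiliencySettingName Mirror -ProvisioningType Fixed -UseMaximumSize `
            -NumberOfDataCopies $DataCopies -NumberOfColumns $Columns `
            -Interleave $Interleave -PhysicalDisksToUse $disks
    }
}
```

Calling New-TunedMirrorSpace -DataCopies 3 -WhatIf shows the two operations and the five-disk minimum check without changing any disk.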

(NAS ) SQL Server 2008 R2 SQL Server 2008 R2 SMB () SQL Hyper-V Windows Server 2012 SMB (SMB 3.0) 2 SAN () LUN ( ) 72 Hyper-VOSSQL ServerCSV File System (CSVFS)DNNNTFS BitLockerIOSMB 3.0 SMB 3.0SMB SMB SMB SMB RDMA SMB Windows PowerShell SMB # Windows Server 2012 ( )

Windows Server 2012 SMB 3.0 Windows Server 2012 SQL Server Hyper-V (HBI) (CA)

SMBv3.0 ( )

SMB SMB 2 (SOFS 864)

SMB SMB

Windows SMBv3.0 Windows Server 2012

IT SMB SMB Windows

CSV v2 (CSVv2) SMB () (CSV) Windows Server 2008 R2 Windows Server 2008 R2 Hyper-V CSV

Windows Server 2012 CSV Windows Server 2012 CSV CSV CSV CSVv2 - CSV CSV - CSVv2 CSV (CSVFS)CSVFS (SQLHyper-V) NTFS ()CSVv2 NTFS I/O ( ) I/O CSV (SMB/SRV ) (oplock) CSVFS CSVFS oplock I/O () ( )SMB SMB CSV RDMA I/O ( ) CSV BitLocker

73?Windows Server 2012 SMB Hyper-V SQL Server Windows Server 2008 R2 , CAP SMB NFS 1#In operating systems prior to Windows Server 2012, highly available file services were provided by failover cluster Client Access Point (CAP) that clients could use to connect to SMB (Server Message Block) or Network File System (NFS) shares on physical disk resources. If you deployed a shared-nothing cluster, only one node in a cluster File Server group could be online. In the event of a failure or if the File Server group was moved to another cluster node, clients were disconnected and had to reconnect when the group became available on an online node in the cluster. In Windows Server 2012, the File Server Role has been expanded to include a new scenario where application data (specifically Hyper-V and SQL Server) is supported on highly available SMB shares in Windows Server 2012 Failover Clustering. 74Windows Server 2008 R2 SMB 3.0

Windows Server 2012 Distributed Network Name: DNN(CSV) Version 2 ( 4

#75CSVCluster-Shared VolumeHDDHyper-V+Failover ClusterNodeHyper-V+Failover ClusterNodeHyper-V+Failover ClusterNodeHyper-V+Failover ClusterNodeSAN/iSCSIHDDHyper-V+Failover ClusterNodeHyper-V+Failover ClusterNodeHyper-V+Failover ClusterNodeHyper-V+Failover ClusterNodeSMB 3.0Clustered File ServerScale out File Server CSVFS Windows Server 2008 R2 Hyper-V ClusterVHDWindows Server 2012 CSVCSVWS2008 R2 WS2012 #76Node1Node2Node4CSVCSV v2iSCSI/SANFailover Cluster(max 4 nodes) SMB 3.0\\Server\ShareFile ServerNode3#Hyper-V & & Node1Node2Node8CSVCSV v2File ServerHyper-VHyper-VHyper-VHyper-VHyper-VFailover Cluster(max 64 nodes)NodeNodeNodeNodeNode\\Server\ShareSMB 3.0AD DSKDCNode8Failover Cluster(max 8 nodes)iSCSI/SAN#Node1Node2Node3Node4HAFileServerCSVNode1A10.0.0.1Node2 A10.0.0.2Node3A10.0.0.3Node4A10.0.0.4HAFileServerA 10.0.0.1HAFileServerA 10.0.0.2HAFileServerA 10.0.0.3HAFileServerA 10.0.0.4CSV v2Hyper-VHyper-VHyper-VHyper-VDNSiSCSI/SANDNNiSCSI NIC# (DNN) (CAP) CAP (NN) (NetBIOS ) 1 IP (IPv4 / IPv6) DNS WINS CAP DNS WINS 14 CAP DNN

(CAP) CAP

Windows Server 2012 1 "" "" 1 SOFS ( ) SOFS

79DNN

#DNN IP DNN IP DNS DNN Kerberos Active Directory

DNN DNS ( ) IP DNS ( 24 DNN ) DNS SMB IP DNS 8 IP 100 IP IP (SMB )

80WitnessNode1Node2CSVCSV v2ClientSMB ServerSMB ServerSMB ClientNode1A10.0.0.1Node2 A10.0.0.2HAFileServerA 10.0.0.1HAFileServerA 10.0.0.2DNSSMB3.0Witness NodeDNSDNNNode1SMBNode1Node1ClientWitnessNodeNode1NodeNodeNode2WitnessNode2 Client Node2 Client Witness Node

Node1Node2 SMB3.0 Node1Client Node1TCP#81 ?Node1Node2OWNERCSVFSDirectRedirectHyper-V SQL Server Office 60%70%CSVFSClassificationData DedupplicationNTFS Owner #82 1 (SMB) Windows Server 2012 IP DNS CSVCSV/ 1 / # SMBNetwork File System (NFS)BranchCacheDFS - DFS DFS (VSS) #84Windows Server 2012 Storage Space CSV NTFS ReFS Fat32 Fat16

CSVCSVFS NTFS#Hyper-VWindows Server 2012 #86Hyper-V #87Hyper-V System Resource (row labels supplied; the original labels were lost)
Resource | Windows Server 2008 R2 | Windows Server 2012 | Improvement
Logical processors per host | 64 | 320 | 5x
Physical memory per host | 1 TB | 4 TB | 4x
Virtual processors per host | 512 | 2,048 | 4x
Virtual processors per VM | 4 | 64 | 16x
Memory per VM | 64 GB | 1 TB | 16x
Running VMs per host | 384 | 1,024 | 2.7x
Cluster nodes | 16 | 64 | 4x
VMs per cluster | 1,000 | 4,000 | 4x
#Features in Hyper-V in Windows Server 2012 that support the virtualization of high-performance, scale-up workloads include:
Increased hardware support for the virtualization host. Hyper-V in Windows Server 2012 RC supports running on a host system with up to 320 logical processors and 4 terabytes of memory, providing greater compatibility with very large server systems.
Support for large virtual machines. Hyper-V in Windows Server 2012 supports configuration of virtual machines with up to 64 virtual processors and 1 TB of memory.
Use of NUMA to speed up the performance of virtual machines. Non-Uniform Memory Access (NUMA) is a computer architecture used in multiprocessor systems in which the time required for a processor to access memory depends on the memory's location relative to the processor. NUMA provides the affinity to prefer local memory access over remote memory access. By projecting a virtual NUMA topology onto large virtual machines, Hyper-V in Windows Server 2012 RC enables the guest operating system and applications such as Microsoft SQL Server to use their existing thread scheduler and memory allocation optimizations, which provides better performance and scalability of demanding workloads.
88Virtual NUMA NUMA SQL Server Windows Server 2012

NUMA: Non-Uniform Memory Access#Virtual NUMAIn addition to its expanded processor and memory support on hosts and for VMs, Hyper-V in Windows Server 2012 also expands support for Non-Uniform Memory Access (NUMA) from the host into the VM. NUMASQL ServerNUMAHyper-VNUMAVMSQL Server NUMANUMA VMRAMCPU2012NUMANUMA

How It WorksNUMANUMAOSOSNUMA44NUMA2 2NUMANUMANUMA

Virtual NUMA and failover clusteringNUMA

89HostSR-IOVSingle Root I/O VirtualizationNICNetwork I/O path without SRIOVNetwork I/O path with SRIOVRoot PartitionHyper-V Switch

Physical NICVirtual Machine

Virtual NICRoutingVLAN FilteringData CopyVMBUSHostRoot PartitionHyper-V SwitchSR-IOV Physical NICVirtual Machine

Virtual FunctionRoutingVLAN FilteringData Copy

#90Hyper-V over SMB& Shared-Nothing Live Migration#91... vs Compute /Storage CPU/RAM/NICHDDCPU/RAM/NICHDD#ComputeStorage92Compute Storage Compute Storage CPU/RAM/NICHDDnetwork#ComputeStorage93Windows Server 2012 SMB 3.0 Hyper-V over SMBWindows Server 2012 Hyper-V SMB 3.0 SMB Server Message Block (SMB)
#The Server Message Block (SMB) protocol is a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network. The SMB protocol can be used on top of the TCP/IP protocol or other network protocols. Using the SMB protocol, an application (or the user of an application) can access files or other resources at a remote server. This allows applications to read, create, and update files on the remote server. It can also communicate with any server program that is set up to receive an SMB client request. Windows Server 2012 introduces the new 3.0 version of the SMB protocol.
Hyper-V in Windows Server 2012 RC introduces a new storage option: support for Server Message Block 3.0 for remote file storage. This capability provides increased flexibility, easier storage provisioning, and reduced system costs when compared to the storage options in Windows Server 2008 R2. Hyper-V can store virtual machine files, such as configuration, virtual hard disk (VHD) files, and snapshots, in file shares over the SMB 3.0 protocol. This can be used for both stand-alone file servers and clustered file servers that use Hyper-V together with shared file storage for the cluster.
94OS

Hyper-V

OS

Hyper-V

Windows Server 2012

SMB 3.0OSHyper-V over SMB#Active Directory Domain ServiceWindows Server 2012SMB 3.0 SMB 2.0 Hyper-VWindows Server 2012SMB 3.0 SMB 2.0 Hyper-VAD DSWindows Server 2012 Hyper-V AD DS Hyper-V over SMB Hyper-V

\\Server\Share\xxx.vhdxSMB 3.0#The requirements for implementing Hyper-V over SMB 3.0 include:One or more computers running Windows Server 2012 with the File Services role installedThe file server must have Windows Server 2012 installed, so the new SMB 3.0 protocol is available. You can also use non-Microsoft file servers that implement the SMB 3.0 protocol. Hyper-V does not block older versions of SMB, however, the Hyper-V Best Practice Analyzer issues an alert when an older version of SMB is detected.One or more computers running Windows Server 2012 with the Hyper-V role installedLoopback configurations (where the computer that is running Hyper-V is used as the file server for virtual machine storage) are not supported.A common Active Directory infrastructure. The servers running Active Directory Domain Services (AD DS) do not need to run Windows Server 2012. An Active Directory infrastructure is required, so you can grant permissions to the computer account of the Hyper-V hosts.

Note: Although not required, Failover Clustering is supported on the Hyper-V side, the File Services side, or both. They must be separate clusters.

96 & OS

Hyper-V

OS

Hyper-V

OS Windows Server 2012 # OS CSVHyper-V

Hyper-V

VMSAN/iSCSINodeNode# Compute

\\Server\Share\xxx.vhdxSMB 3.0ComputeSMB 3.0VM#Virtual MachineHyper-V Hyper-V

VHD/VHDXVirtual MachineSMB 3.0SMB 3.0 Dirty Switch Running arp#Windows Server 2008 R2 , . 2VHDVHDX1 Windows Server 2012 Hyper-V Windows Server 2008 R2VM. Remember, you can still perform Live Migration on VMs with shared storage or in clusters, Windows Server 2012 Hyper-V OSOS

1. Live migration . TCP

2. VMVM

3. The third stage of a live migration is a memory copy process that duplicates the remaining modified memory pages for the test virtual machine to the destination server. The source server transfers the CPU and device state of the virtual machine to the destination server. During this stage, the network bandwidth available between the source and destination servers is critical to the speed of the live migration. Using a 1 Gigabit Ethernet or faster is important. The faster the source server transfers the modified pages from the migrating virtual machine's working set, the more quickly the live migration is completed. The number of pages transferred in this stage is determined by how actively the virtual machine accesses and modifies the memory pages. The more modified pages there are, the longer it takes to transfer all pages to the destination server. After the modified memory pages are copied completely to the destination server, the destination server has an up-to-date working set for the test virtual machine. The working set for the test virtual machine is present on the destination server in the exact state it was when the migration process began. VMVM(Continued from previous slide)5. VMRunningVMPING6. VMVMMAC

[Notes regarding timing]The live migration process completes in less time than the TCP time-out interval for the virtual machine being migrated. TCP time-out intervals vary based on network topology and other factors. The following variables may affect live migration speed: The number of modified pages on the virtual machine to be migrated; the larger the number of modified pages, the longer the virtual machine will remain in a migrating state. Available network bandwidth between source and destination servers. Hardware configuration of source and destination servers. Load on source and destination servers. Available bandwidth (network or Fibre Channel) between servers running Hyper-V and shared storage.

100Hyper-V

SMB 3.0SMB 3.0# VMxx.vhdSMB 3.0\\ITCAMP-FS\VMSTORE\VMxxITCAMP-PCxx192.168.210.xxHyper-VVMxxSMB 3.0\\ITCAMP-FS\VMSTORE\\VMxxITCAMP-PCxx192.168.210.xxHyper-VVMxxVMxx.vhd11C:\ProgramData\Microsoft\Windows\Hyper-V#WS2012 Hyper-V WS2012 Hyper-VswitchStorageStorage

switchSMB Compute Storage SMB!SMB SMB #Hyper-V #104Hyper-V ?LAN WAN Windows Server 2012 Hyper-V Hyper-V Hyper-V RSATSystem Center Virtual Machine Manager (SCVMM) - Hyper-VHyper-VVMVM

#Hyper-V Replica Hyper-V Hyper-VAPIDRHyper-V Replica IaaS

What Is Hyper-V Replica?

Hyper-V Replica enables organizations using Windows Server 2012 to implement an affordable Business Continuity and Disaster Recovery (BCDR) solution for virtualized workloads without using 3rd-party technology. This allows virtual machines running at a primary site to be efficiently replicated to secondary location (Replica site) across a WAN link. In this discussion, we define two sites: the primary site, which is the location where the virtualized environment normally operates; and the Replica site, which is the location of the server that will receive the replicated data. At the primary site, the primary server is the physical server that hosts one or more primary virtual machines. At the Replica site, the Replica server similarly hosts the Replica virtual machines.Hyper-V Replica provides a storage-agnostic and workload-agnostic solution that replicates efficiently, periodically, and asynchronously over IP-based networks, typically to a remote site. It is simple to configure and does not require either shared storage or any particular storage hardware. Any server workload that can be virtualized in Hyper-V can be replicated. Replication works over any ordinary IP-based network, and the replicated data can be encrypted during transmission. (continued on next hidden slide)

Hyper-V Replica is implemented as part of the Hyper-V Role. The Hyper-V servers can function as members of a Workgroup or as member servers in the same or different Active Directory domains. Hyper-VHyper-V Replica

Scenarios
Head Office and Branch Office: The Head Office and Branch Office scenario typically involves Mid-Market customers who have a main corporate Head Office and one or more Branch Offices located in different physical locations. This type of customer typically has a limited budget for purchasing hardware, WAN connectivity, and hiring IT Staff. As part of a cost saving initiative, a customer may decide to implement Microsoft virtualization technologies to migrate corporate applications running on physical hardware to virtualized workloads running on Microsoft servers running the Hyper-V role. One or more servers are hosted in the Head Office location either as standalone servers or as part of one or more Hyper-V Failover Clusters.
Enterprise Datacenter: The Enterprise Datacenter scenario is very similar to the Head Office and Branch Office scenario in terms of the actual steps an administrator executes to implement Disaster Recovery using Hyper-V Replica. The main difference would be scale. Enterprise environments typically include one, or more, large, geographically dispersed datacenters supporting a greater number of virtualized workloads running on more servers. Additionally, enterprise environments may implement Third Party or 'homegrown' applications that take advantage of Hyper-V Replica APIs (Application Programming Interface) in an effort to streamline internal management processes.
Hosting Provider Datacenter: The Hosting Provider Datacenter scenario is very similar to the Enterprise scenario in terms of the actual steps an administrator executes to implement Disaster Recovery using Hyper-V Replica. Hosting companies have additional concerns in that they are dealing with multiple customers (tenants) on a shared internal infrastructure. This requires implementing stricter isolation policies within the datacenter and a billing system that can accurately track resource usage.
Customer Office and Hosting Provider Data Center (Cross-Premises): The Customer Office and Hosting Provider Datacenter (Cross-Premises) scenario takes the Hosting Provider Datacenter scenario one step further in that Disaster Recovery is provided as a service (Infrastructure as a Service (IaaS)) to customers external to the hosting company itself.

105Windows Server 2012 Hyper-V Firewall HTTP/HTTPSX.509v3 http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate-requirements.aspx

#You can set up replication of Hyper-V virtual machines as long as you have any two physical Windows Server 2012 servers which support the Hyper-V role.

To take advantage of the Hyper-V Replica the following prerequisites must be met:Hardware that supports the Hyper-V Role on Windows Server 2012Sufficient storage on both the Primary and Replica servers to host the files used by virtualized workloadsNetwork connectivity between the locations hosting the Primary and Replica serversProperly configured firewall rules to permit replication between the Primary and Replica sitesAn X.509v3 certificate to support Mutual Authentication with certificates (if desired or needed). If you plan to use certificate-based authentication (required for the replicated data to be encrypted during transmission), you will need an appropriate certificate, which can either be local and self-signed, or supplied by a certificate server in your deployment.

106

#Hyper-V Replica tracks the write operations on the primary virtual machine and then replicates these changes to the Replica server over a WAN. The network connection between the two servers uses the HTTP protocol and supports Kerberos authentication and certificate-based authentication, with optional support for encryption. Hyper-V Replica is closely integrated with failover clustering in Windows Server 2012, and it provides nearly seamless replication across different migration scenarios in the Primary and Replica servers. This allows virtual hard disks to be stored in a different location to enable recovery in case the data center goes down due to natural disaster or other causes. Component/PurposeReplication Engine: The Replication Engine, in many respects, is the 'heart' of Hyper-V Replica. It manages the replication configuration details and handles initial replication, delta replication, failover, and test-failover operations. It also tracks virtual machine and storage mobility events and takes appropriate actions as needed (i.e., it pauses replication events until migration events complete and then resumes where they left off)Change Tracking: The Change Tracking module provides a virtual machine level change tracking mechanism on the Primary server by keeping track of the write-operations, which happen in the virtual machine. This component is designed in such a way that it makes the scenario work irrespective of where the virtual machine VHD file(s) resides; VHD files can be hosted on Direct Attached Storage (DAS), a SAN LUN, an SMB share on a File Server, or a Cluster Shared Volume (CSV).

Component/Purpose, cont.

Network Module: The Networking Module provides a secure and efficient (data compression by default) network channel to transfer virtual machine replicas between Primary and Replica sites. Network communications are built on top of HTTP\HTTPS protocols and support integrated as well as certificate-based authentication with optional support for encryption Hyper-V Replica Broker role: The Hyper-V Replica Broker role is configured in a Windows Server 2012 Failover Cluster. This functionality supports seamless replication even in the event of a migration of a replica virtual machine from one cluster node to another in a separate cluster. This is achieved by interacting with the Windows Server Failover Clustering (WSFC) service and the Hyper-V Network module. The Hyper-V Replica Broker redirects all virtual machine specific events to the appropriate node in the replica cluster. The Broker queries the cluster database to determine which node should handle which events. This ensures all events are redirected to the correct node in the cluster in the event a Quick Migration, Live Migration or Storage Migration process was executed.

Management Experience includes the following components:Hyper-V Manager UI: The replication settings are available in the Hyper-V Manager and provide an end-to-end experience for replication configuration, inbox monitoring, test failover, planned failover, unplanned failover and reverse-replication experiences.Failover Cluster Manager UI: When Primary or Replica servers are part of a Hyper-V Failover Cluster, all management for the virtual machines and the Hyper-V Replica configurations should be done from the Failover Cluster Manager interface.Scripting: Hyper-V Replica functionality is integrated within the Hyper-V PowerShell ModuleHyper-V Replica APIs: These are part of the Hyper-V WMI interface. This interface can also be used by Third Party management software applications. Remote Management: The Hyper-V Manager UI is included as part of the Remote Server Administration Tools (RSAT) that can be installed on supported Windows 8 Consumer Preview operating systems so administrators can remotely manage virtual machine replication.

107Hyper-V #108 Compute

\\Server\Share\xxx.vhdxSMB 3.0ComputeSMB 3.0VM#Hyper-V over SMB # Compute

\\Server\Share\xxx.vhdxSMB 3.0ComputeSMB 3.0VMNodeNode#Hyper-VFOC111Hyper-V &

64

Hyper-V#Hyper-V over SMB & ITCAMP-FS192.168.210.30VMSTOREVHDVHDVHD\\ITCAMP-FS\VMStoreSMB 3.0AD DSKDCHyper-VHyper-VHyper-VHyper-VHyper-VFailover Cluster(max 64 nodes)NodeNodeNodeNodeNode#Hyper-V over SMB & & Node1Node2Node8CSVCSV v2iSCSI/SANHyper-VHyper-VHyper-VHyper-VHyper-VFailover Cluster(max 64 nodes)NodeNodeNodeNodeNode\\FileServer\ShareSMB 3.0AD DSKDCNode8Failover Cluster(max 4 nodes)#Node1Node2Node8CSVCSV v2iSCSI/SANHyper-VHyper-VHyper-VHyper-VHyper-VFailover Cluster(max 64 nodes)NodeNodeNodeNodeNode\\FileServer\ShareSMB 3.0Failover Cluster(max 4 nodes)AD DSKDCHyper-VStorage#VDI#

PC LyncHelloFirewallOffice 365

:VDI, App-V, UE-V, Office 365

File Server

VirtualDesktopInfrastructureADHyper-V & RDS

Gateway

ConfigMgr, Endpoint Protection,

#117DesktopVDI = Desktop 3 + 1 OSApplicationUser StateDeviceAppsStoreOSStoreUser StatesStoreDeviceDevice#Windows Server Active Directory Domain Service

Infrastructure Management

Microsoft VDI OS

RDSHyper-VApp-VRemoteAppUE-V

#119OS #3 OS VirtualizationPowered by Windows Server 2012RDS + Hyper-V#SessionsPersonal VMsPooled VMs

Architecture GoodBetterBest#With RDS in Windows Server 8, you can deploy Sessions, personal VMs or pooled VMs, all using the same platform. However, how do you choose which architecture is right for you?

Irrespective of which deployment model you choose, you get some common benefits:The powerful administration capability through the inbox management console, with simple setup, intelligent patching and unified management using System Center.A powerful and scalable virtualization platform, irrespective of whether you are deploying Session desktops on RDS, or VM desktops on Hyper-V.A consistently rich user experience across LAN and WAN.

However, your choice of architecture should depend on one of the following five pivots:
Personalization: Do your users need the ability to customize their desktops? If so, what level of customization do they need? With Sessions and Pooled VMs, users have some limited personalization capability with User Disks, like the ability to persist their data across different logins. However they can't persist user installed applications across logins. However, with a personal desktop (assuming of course that the user has admin rights on their desktop), users can change any aspect of their desktop, including installing their own applications across multiple logins.
Application compatibility: Session based desktops share a common server OS, and hence any applications that are to be installed need to be compatible with Windows Server 8. However, in both VM scenarios, it's the Windows Client OS that's running within the VM, and hence application compatibility is always higher for VMs than Sessions. However, with personal VMs, users can install their own apps, as opposed to pooled VMs, where IT decides what applications are presented to the user. Hence, personal VMs provide the highest level of application compatibility across all three deployment models.
User Density: Since Sessions share a single Server OS, the number of users that can be accommodated on a single session based server is always going to be higher than either VM based model. In some cases, we have seen that on the same spec hardware, you get twice the user density with Sessions than you can with VMs. With pooled VMs, since user data is either typically not stored locally or is stored on a separate User Disk, pooled VM sizes are typically smaller than personal VMs, and hence pooled VMs have slightly higher density. You can reduce the density of the VM based models by introducing user state and application virtualization technologies on the VM, but you will still have lower densities than sessions.
Images: If getting to a single image is your goal, then the best way to get there is either through session based desktops, or by deploying pooled VMs. In a session based desktop, all users share a single server image, while in pooled VMs, all users get a cloned copy of a single master image. Single image configurations are easier to manage and have lower costs as compared to personal VMs, where each user gets their own individual image.
Cost: Since sessions offer the highest densities and are single image, they are often easier to manage and hence offer the lowest cost. Pooled VMs get the single image and management benefits of sessions, but higher densities and management efforts mean that they are more expensive to deploy than Sessions. Personal VMs have the lowest density and highest management efforts, making them the most expensive of the 3 deployment models. However, bear in mind that Windows Server 8 helps companies reduce overall VDI TCO, with support for lower cost storage (such as SMB and DAS), application virtualization, dynamic memory and User Disks.
122OS Hyper-V + StorageSMB 3.0, NIC TeamingHyper-V over SMBLive Migration, Live Storage MigrationHyper-V Cluster( Failover ClusterScale-out File Server(Failover clustered file server

RDSRemote Desktop ServicesWEB AccessConnection BrokerGatewayLicense ServiceSession Host/VM Host#Remote Desktop Services# RDSHSession#1Session#2Session#3Session#4Windows Server RDPWindows Server UI Windows ServerWindows ServerSession#0 = Console SessionRDPRDPRDPRemote Desktop Service# or Hyper-VVM1VM2VM3Remote Desktop ServiceWindows ServerHyper-V VMOS

RDSRDSRDSRDPRDPRDP#FirewallRD Connection BrokerSSLSSLSSL

Windows Server Hyper-VOWN DEVICERemote Desktop Service

RD Web Access

RD Gateway

FirewallRDP#OS127

Hyper-V

sessionsession

#

RD Gateway

RD GatewayRDP over SSL RDP NAPNetwork Access ProtectionCAPRAPNAPRAP Domain Users Domain Computer 3389CAP

RDP over SSL443/tcpFirewallRDP3389#Hyper-V clusterWeb farmClusterfarmWeb farmRemote Desktop Connection BrokerActive/ActiveRemote Desktop LicensingRemote Desktop GatewayRemote Desktop Web AccessSQL Server Clustering#

So, let's also look at what we've done with High Availability.

What you're looking at is the high-level deployment architecture for all the components that go together in a VDI deployment. We looked at these just a couple of minutes ago. In order for a VDI deployment to scale and be highly available, each of these components needs to be highly available. In WS08 R2, this is how things worked:

RDWeb: Can be scaled out. It's a web app, so it can scale out as a farm of web servers. Since WS08.

RDG: Also a web app, so it can scale out as a farm of web servers. Since WS08.

RDVH: A Hyper-V server, so it works as a Hyper-V cluster with different nodes in the cluster. If one fails, the workloads in the cluster, such as the VMs, can migrate to another node in the cluster. Since WS08 R2.

RDLS: Has supported a cluster mode since WS08. RDVH and RDSH can access multiple servers in a farm.

RDSH: TS farm. Since WS03, a very early version, it has supported a farm configuration.

The key new thing in WS2012 in this area is the high availability and scalability of the connection broker. In WS08 R2, we only supported Active/Passive clustering for the connection broker. In WS2012 we changed to support Active/Active mode. The connection broker has an internal database to store the configuration and runtime data for the entire deployment: things like where the user is logged on, what VM is on which host, which apps are published, etc.

When the Broker is configured in HA mode, you have multiple instances of the Broker, all of which run against a SQL DB cluster. All Broker instances are active: they are responding to load at the same time. Hence this configuration provides both availability and scale.

All the key tasks that the Connection Broker manages, such as VM creation, creating/mounting user VHDs at user logon, as well as incoming connections that get redirected through the Broker, work seamlessly with a multi-instance, highly available Broker deployment.

This config requires that you have a SQL server in your configuration to host all the data for your VDI deployment. We support a wide variety of SQL clustering modes and SQL versions, including for example SQL Denali & AlwaysOn High Availability mode, the most recent innovation that SQL is bringing to the space.

Additional notes: A wizard in the Admin UI walks you through the steps needed to set up a new broker instance. It automatically migrates configuration data from the source broker's data store to the shared SQL database. There is a PowerShell cmdlet to do the same. As in many other farm-type HA configurations, the broker instances need to be configured so they are at the same DNS name and authenticate under the same name. This is typically accomplished by using DNS Round Robin and a shared SSL certificate.

130Application #App-V

HTTPS

RemoteApp

RDP

2

#RD Connection BrokerRDSRemoteApp RD Web Access

RD GatewayFirewall Windows Server 2012 RDP

RDPRDP

Hyper-V#RD Web Web RD Web Access

RemoteApp RSShttps:///RDWEB/Feed/WebFeed.aspx

RDPRDP

ControlPanelRSSGPOAD DSWin8

Hyper-V#User State #OS VHD OS123

1

2

3# HDD

VHD

#RemoteApp ?RemoteApp C:\Users

# UE(User Experience)-VWindows 8 Windows 7 SP1 Windows Server 2008 R2 SP1Windows Server 2012IEOfficeLOBothersUE-VAgentAD DSGroup PolicySettings Location Template

#UX - RemoteFX# UX RemoteFXHyper-V

USB DeviceGPURemoteFX UX#RemoteFXGPUvGPU RemoteFX GPU Hyper-V Hyper-V SLAT Hyper-V DirectX 11 RDP 7.1 VRAM 1MB 16500 1920*1200 150MB USB Windows 7 RemoteFX PCUSBRD RD WS2012Windows 8 RemoteFX WAN UDPUX#142RemoteFX USB RDP RDP 8.0 RDP /PC

USB PortUSB USB CD/DVD USB USB USB WEBUSB EasyPrintRemoteFX USB EasyPrint/#MSTSCEasy Print RDP 6.1 XPS EasyPrint http://blogs.technet.com/b/askcorejp/archive/2011/08/03/scaling-feature-has-not-supported-from-windows-server-2008-r2-sp1.aspxWindows Server SpoolerWindows Client SpoolerEasy Print Printer DriverXPS Spool

Printing PluginXPS to GDI EMF SpoolRD

# RDP 6.1RDP 7.0RDP 7.1RDP 8.0OSXP SP2Vista SP1XP SP3Vista SP1, SP277 SP18RemoteApp7:RSS Feed EasyPrintPnPRD Gateway RD Web SSO RemoteFX GPUDirectX 11RemoteFX USB RDP UDP #

#DirectAccess#

SkyDrive

Firewall

LyncHelloSharePoint Server Exchange Server

: DirectAccessBitLockerRMSLync

DirectAccess

BitLocker/BitLocker To GoOffice 365

Active Directory#Firewall 148DirectAccessIT: FIREWALL

DirectAccessSharePointApps IntranetExchange

VPN

Win XP / Vista / Non-WindowsWindows 7Windows 8

Mobile BroadbandEnd User: Great ExperienceDirectAccess VPN DirectAccess #DirectAccess Windows 7 + Windows Server 2008 R2 DirectAccess VPN

DirectAccess (VPN) Web DirectAccess DirectAccess IT VPN

Windows Server 2012 DA

149 VPN DirectAccess VPNVPNDirectAccessPC Windows Server 2012 VPN #Windows Server 2012 DirectAccess Windows Server 2012 DirectAccess and RRAS ( )PKI Kerberos NAT64 DNS64 UAG (OTPOne Time Password)Windows PowerShell DirectAccess RRAS Direct Access PKI#1. Windows Sever 2012

(1) DirectAccessDirectAccess (VPN) Web DirectAccess DirectAccess IT VPN

(2) () Windows RRAS

(3) RRAS (Web ) RRAS Windows (UNC) RRAS 2 (VPN) VPN TCP/IP VPN VPN VPN ISDN ISDN

2.

Windows Server 2012 Windows 8 Windows PowerShell

(1) DirectAccess RRAS

Windows Server 2008 R2 DirectAccess (VPN) DirectAccess Windows 7 Enterprise Edition Ultimate Edition Windows (RRAS) VPN Windows Server 2008 R2 RRAS DirectAccess DirectAccess Windows Server 2012 DirectAccess RRAS DirectAccess VPN Windows Server 2012 DirectAccess

DirectAccess RRAS Windows Server 2012 Windows 7 DirectAccess RRAS DirectAccess RRAS DirectAccess DirectAccess PKI IPv4 NAT64 DNS64 NAT DirectAccess NAP OTP ( ) IP-HTTPS Server Core Windows PowerShell IKEv2 IPsec VPN

(2)DirectAccess RRAS

DirectAccess RRAS DirectAccess RRAS DirectAccess 6 (IPv6) RRAS 2 (IKEv2) (IPsec) RRAS IKEv2 VPN DirectAccess DirectAccess IPsec (DoSP) DoSP IPv4 ICMPv6 IPsec IPv6 DirectAccess RRAS IPv4 IPsec IPv6 Windows Server 2012 DirectAccess RRAS IPv6 IKEv2 VPN IPsec DoSP DirectAccess RRAS

(3) DirectAccess

Windows Server 2012 PKI 2 IPv4 DirectAccess DirectAccess IPv6 (NLS)

(4)DirectAccess PKI

Windows 7 DirectAccess 1 (PKI) DirectAccess IPsec AuthIP Kerberos DNS (DC) Windows 7 DirectAccess AuthIP 2 1 2 NTLM IPsec DC Kerberos 1 2 Kerberos IPsec DirectAccess PKI Windows Server 2012 DirectAccess PKI HTTPS Kerberos DirectAccess Kerberos Kerberos Kerberos DirectAccess (NAP) 2 IPsec 1 IPsec (UDP 500/4500) TCP 443 ()DirectAccess TCP 443 DirectAccess DirectAccess (CA) TLS CA CA PKI DirectAccess IP-HTTPS KDC

(5) IPv4 NAT64 DNS64

Windows DirectAccess IPv6 IPv6 IPv6 IPv6 IPv6 DirectAccess IPv6 IPv6 Windows Server 2012 DirectAccess IPv4 DirectAccess IPv6 IPv4 (NAT64) (DNS64) NAT64 (DirectAccess ) IPv4 DirectAccess IPv6 DirectAccess 3 IPv6 IPv4 (Windows Server 2003 ) IPv6 IPv6 (Windows Server 2008 ) IPv6 (IPv6 )DirectAccess DirectAccess IPv4 ( DirectAccess IPv6 )NAT64 IPv6 IPv4 NAT64 DNS64 DNS64 DNS NAT64 IPv4 IPv6

Windows Server 2012 DirectAccess Microsoft Forefront Unified Access Gateway DirectAccess DirectAccess DirectAccess DirectAccess IPv4 NAT64 DNS64 NAT64 IPv6 NAT64 IPv4 IPv4 DirectAccess IPv6

(6) NAT DirectAccess

Windows Server 2008 R2 DirectAccess 2 IPv4 2 Teredo NAT Teredo NAT Teredo 2 IPv4 IPv4 IPv4 Windows Server 2012 DirectAccess NAT DirectAccess 1 IPv4 DirectAccess NAT IP over HTTPS (IP-HTTPS) IP-HTTPS HTTP IP IPv6

(7)

Windows Server 2008 R2 DirectAccess 2 IPsec DNSDC DirectAccess IPsec DNS IPsec Windows Server 2012 DirectAccess 1 IPsec DirectAccess DirectAccess 2 NAP DirectAccess 2 2 SCCM IP

(8)

Windows Server 2008 R2 DirectAccess Hyper-V Hyper-V DirectAccess 1 DirectAccess DirectAccess / Windows Server 2012 DirectAccess Windows (NLB) DirectAccess RRAS NLB

Windows Server 2012 DirectAccess 8 NLB 1

(9)

Windows Server 2008 R2 DirectAccess DirectAccess 1 DirectAccess DirectAccess DirectAccess Windows Server 2008 R2 DirectAccess Windows Server 2012 DirectAccess

(10)NAP

Windows Server 2008 R2 DirectAccess IPsec (NAP) (OID) NAP NAP (HRA) Windows Server 2008 R2 DirectAccess NAP DirectAccess DirectAccess Windows Server 2012 DirectAccess NAP NAP GPO NAP DirectAccess NAP NAP NAP IPsec HRA

(11)OTP ( ) (OTP) 2 Windows Server 2008 R2 DirectAccess 2 RSA SecurID OTP DirectAccess Windows Server 2012 DirectAccess 2 OTP PKI DirectAccess [] Windows Server 2012 DirectAccess (TPM) TPM 2

(12)

DirectAccess LAN DirectAccess IPsec VPN VPN VPN VPN DirectAccess IPsec DirectAccess DirectAccess IPsec DirectAccess Windows Server 2008 R2 DirectAccess Windows Server 2012 DirectAccess UI DirectAccess IP-HTTPS NAT64/DNS64 DirectAccess IPv4 IPv6

(13)IP-HTTPS

6to4 Teredo IPv6 IP-HTTPS IPv6 DirectAccess Windows 7 IPv6 IP-HTTPS IPv6 IPv4 HTTP IPv4 IPv6 IPv6 IPv6 Windows Server 2012 IP-HTTPS IP-HTTPS HTTP IP-HTTPS Windows 7 IP-HTTPS SSL/TLS IP IPsec 2 (1 IPsec2 SSL ) IPv6 (6to4 Teredo) DirectAccess Windows Server 2012 DirectAccess IP-HTTPS NULL SSL IP-HTTPS DirectAccess WPAD Internet Explorer IP-HTTPS IP-HTTPS DirectAccess Windows Server 2012 WPAD IP-HTTPS IP-HTTPS IP-HTTPS DirectAccess DirectAccess IP-HTTPS (CA) DirectAccess PKI

(14)

DirectAccess IT DirectAccess DirectAccess Windows Server 2008 R2 DirectAccess Windows Server 2012 DirectAccess NAP 2

(15)

DirectAccess DirectAccess DirectAccess IP-HTTPS Teredo DNS Windows Server 2012 DirectAccess DirectAccess Windows Server 2012 Windows Server 2012 Windows 7

(15)Server Core

Server Core Server Core Server Core Windows Server DirectAccess Windows Server 2012 Server Core DirectAccess RRAS Windows Server 2012 Windows PowerShell PowerShell

(16)PowerShell

Windows Server 2008 R2 DirectAccess Windows Server 2012 Windows PowerShell

(17)

Windows Server 2008 R2 RRAS DirectAccess DirectAccess DirectAccess Windows Server 2012 DirectAccess DirectAccess

(18)

[] (DirectAccess VPN ) DirectAccess (DirectAccess ) VPN (VPN ) (DirectAccess VPN ) ( ) ( ) ( DirectAccess VPN ) ( ) ( )

[ ] (19)

[] [] DirectAccess VPN [] 6to4DNSDNS64 IP-HTTPSIPsecISATAPKerberosNAT64 (IPsec DoSP)TeredoVPN VPN

(20)

RRAS DirectAccess RRAS Windows Server 2012

DirectAccess

1 [] []

1 DirectAccess Windows ID 1 ID GUID ID ID ID ID

/ [] ETL

Windows Server 2012 RADIUS Windows Internal Database (WID) NPS WID () 1 DirectAccess () DirectAccess RRAS WID NPS/RADIUS

(21) IKEv2 IPsec VPN Windows Server 2012 2 (IKEv2) VPN Windows Server 2008 R2 VPN RRAS IKEv2 IKEv2 VPN VPN () IKEv2 IPsec Windows Server 2012 RRAS VPN IKEv2

151DirectAccess Active Directory DirectAccess Account Operators Domain Admins Enterprise Admins IPv6 IPv6 IP Windows Firewall #OSWindows 7 Windows 8Windows Server 2008 R2 Windows Server 2012Active Directory

Active Directory IPv6 Windows Server 2008Windows Server 2008 R2Windows Server 2012

DNSOSDNSWindows Server 2008Windows Server 2008 R2Windows Server 2012#DirectAccess ServerDirectAccess IPv6 DirectAccess Core

IPv6IPv6IPv6 IPv6 IPv6IPv6IPv4IPv4Windows Server 2012 DirectAccess IPv6 IPv4 IPv6 DirectAccess IPSec#154InternetDMZDirectAccess FirewallFirewallDirectAccess ServerDirectAccess ServerDirectAccess ServerNIC

AD DSNICNICNICNICIntranet#IPv4 IPv6 IPv4 IPv4 or IPv6(Public) IPv6Public IPv4Private IPv4DirectAccessServerIPv6 over IPSecFirewallNAT, ProxyIPv6 over IPv4(w/ IPSec)6to46to4IP-HTTPS(IPv6 packets on an HTTPS)

IP-HTTPS ClientIP-HTTPS ServerFirewall#IPv4 or IPv6DirectAccessServer

Internet

Public IPv6IPv6IPv4

Private IPv6ISATAPISATAPDNS64NAT64

IPv4 only#IPv6 6to4 (RFC3056)IPv6 IPv4 TeredoRFC4380IPv6 IPv4 2IPv4NICWindows Server 2012 + Windows 8 IP-HTTPSRFC1945, RFC2616, RFC2818IPv6 IPv4 HTTPS DirectAccess IPv6 IPSec HTTPS ISATAPIntra-Site Automatic Tunnel Addressing ProtocolIPv4 IPv6IPv6 IPv4 IPv6 #NICNIC IPv6 DirectAccess ClientIPv6 StackIPv4 StackApplicationDirectAccessAgentIPv4 DirectAccessServer

IPv6 IPv6 IPv4 NAT64DNS64 IPv4IPv4 StackIPv6 Stack# Firewall FirewallDANative IPv66to4IP-HTTPS Dist. IP 50 Dist. UDP 500Dist. IP 41Dist. TCP 443Dist. IP 41Src. TCP 443Src. UDP 500

#HTTPS Kerberos Proxy DirectAccessKerberos Kerberos Kerberos Windows Server 2012 DirectAccess PKI InternetIntranetDirectAccessServer

AD DS

KerberosProxy/IPSec tunnelFirewall#DirectAccess 2 IPSEC DirectAccess DNS and AD DS 2WEB

Windows 7 DirectAccess1PKIPublic Key Infrastructure DirectAccess IPsec AuthIP KerberosDNSDCWindows 7 DirectAccess AuthIP2 IPSec2NTLMDCKerberosKerberosDirectAccess PKI

Windows 8 DirectAccess PKI HTTPSKerberos DirectAccess Kerberos proxy Kerberos proxy Kerberos Domain Controllers

NAP21IPSEC

161

DirectAccess Server

DirectAccess Server

DirectAccess Server

ClientDirectAccess#Windows Server 2012 DirectAccess DirectAccessDADA162Manage-Out DirectAccessDirectAccess InternetDirectAccess Server

Firewall

#DirectAccess IT2008R22012163

#High Availability configuration is enabled through the Configuration node of the Remote Access Management Console.The setup provides support for an external load balancer, or configuring NLB on the DirectAccess and RRAS servers. If the administrator selects the option to use Windows NLB, the IP addresses assigned to the server interfaces are converted to virtual IP (VIP) addresses. The administrator is then prompted to specify corresponding dedicated IP (DIP) addresses and subnet masks for each interface.

164DirectAccess Server

FirewallProxy

WEB

#NRPTDNS DNS NICDNSWindows 7/Windows Server 2008 R2 DirectAccess DNS ClientDNSInternetIntranetInternet

DirectAccess Server

FirewallNRPT DNS

NRPT AD DS#[] [Windows ] []

# NLS HTTPS DirectAccess WEB DirectAccess NLS NLSInternet

IntranetInternetFirewallNLS#

[] [] [] [] []#NRPT NLS NLS DirectAccess NLS NRPT Client DNSInternetIntranetInternet

DirectAccess Server

FirewallNRPT DNS

NRPT DirectAccess DirectAccess AD DSNLS

# Windows Server 2012 DirectAccessAD DSDjoin.exe /provisionGP InternetDirectAccess Server

Firewall DirectAccess#171 DirectAccess VPNRAS

WEB IIS WEB HTTP HTTP IP HTTP #NPAS/RRASIISNLSNetwork Location ServiceWIDDirectAccess GPOCMAKVPN

172RAS CMAKWindows Internal Database Windows PowerShell GUI#IIS 8.0 #174IIS 8.0 NUMAServer Name IndicationSSL IIS CPU Application initialization IP FTP Web Socket Protocol(ASP.NET 4.5)ASP 3.5 4.5

WEB#Most organizations today are using, or are planning for, a combination of on-premises and off-premises IT resources and tools, resulting in hybrid environments of both on-premises and cloud resources. Windows Server 2012 provides enormous flexibility for hosting web-based applications on premises and in the cloud, giving organizations an advanced server platform that can provide flexibility, scalability, and compatibility for running vital applications. Windows Server 2012 takes advantage of symmetry in application development efforts for both the data center and the cloud. It provides the frameworks, services, and tools to increase scale and elasticity for multitenant-enabled applications that can be deployed both on premises and in the cloud. As a web platform, it improves website density and efficiency while enabling service providers to better build, provision, and manage a hosting environment. And as an open web platform, it supports mission-critical applications and enhanced support for open standards such as HTML 5 and open source applications. In this presentation we will look at the enhancements which make IIS 8.0 a scalable and elastic web platform.

175WEB NUMA SNI SSL SSL CPU SLA SSL IIS 8 #

Problem: As more e-commerce sites come online and more businesses are storing and sharing sensitive documents online, the ability to host and scale secure sites is increasingly important. In addition, with cloud hosting and elastic scalability, server capacity must be added and removed dynamically. Prior to Windows Server 2012, there were a couple of challenges when it comes to hosting secure sites:

SSL Scalability: In a multi-tenanted environment, such as shared hosting, there is a limitation on how many secure sites can be hosted on Windows Server, resulting in a low site density. The ability to take advantage of available hardware resources is also a challenge.

SSL Manageability: The certificates are stored locally on each Windows Server. Therefore, they need to be managed individually on each Windows Server. A simple task such as renewing a certificate must be repeated on every server. In addition, adding a new Windows Server may take hours if there are thousands of certificates that must be imported.

Solution: The management experience of SSL binding is simplified through Server Name Indication, which uses a virtual domain name to identify a network endpoint, eliminating the need to have a dedicated IP address for each secure site. NUMA-aware scalability will allow you to benefit from the dramatic advances in server hardware resources expected over the next several years.

On Windows Server 2012, the Centralized SSL Certificate Support feature allows server administrators to store and access the certificates centrally on a file share. Similar to the Shared Configuration feature introduced in Windows Server 2008, the Windows Servers in a server farm can be configured to load the certificates from the file share on demand. With this feature, the management experience of SSL bindings is much simplified. When it comes to SSL, the DNS name and the CN name of the certificate must match. A similar contract can be further extended to the file names of the certificates. For example, www.contoso.com would use the certificate with the file name www.contoso.com.pfx. This contract enables Windows Server 2012 to have just one SSL binding, regardless of the number of secure sites that are using this feature. The corresponding certificate is inferred from the SNI value or hostname of the requested web site, by matching it to the file name of the certificate.
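The file-name contract above turns a value sent by the client (the SNI host name) into a path on the certificate share, so a resolver has to validate that name before touching the file system. The following is an added example written for this page, not code from IIS or from the presentation; it mirrors the `www.contoso.com` to `www.contoso.com.pfx` mapping the text describes and adds two things a practitioner would want: a host-name check that rejects anything that could be used for path traversal, and a wildcard fallback using a `_.<domain>.pfx` naming convention, which is an assumption for this example rather than something the page states. The share listing is constructed inline so the example runs offline.

```python
import re
from typing import Iterable, Optional

# Constructed listing of a central certificate share (example data only).
CENTRAL_SHARE = {
    "www.contoso.com.pfx",
    "shop.contoso.com.pfx",
    "_.fabrikam.com.pfx",  # wildcard certificate; the "_." naming is an assumption here
}

# One DNS label: 1-63 chars of letters, digits or hyphen, not starting or ending with a hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_valid_hostname(host: str) -> bool:
    """RFC 1123-style syntax check on an already lower-cased host name.

    Anything outside [a-z0-9.-] (slashes, backslashes, "..", spaces, NUL)
    fails here, which is what keeps the later file-name lookup safe.
    """
    if not host or len(host) > 253:
        return False
    labels = host.split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)


def resolve_certificate_file(sni_host: str, share_listing: Iterable[str]) -> Optional[str]:
    """Map an SNI host name to a certificate file name in the central share.

    Returns the file name, or None when the name is malformed or no
    certificate matches. Exact match is tried first, then a one-level
    wildcard ("_.parent.pfx"), matching how *.example.com certificates work.
    """
    listing = set(share_listing)
    # Normalize: trim whitespace, drop a trailing dot, fold case (file names are derived from DNS names).
    host = sni_host.strip().rstrip(".").lower()
    if not is_valid_hostname(host):
        return None

    exact = f"{host}.pfx"
    if exact in listing:
        return exact

    # Wildcard fallback covers exactly one label, e.g. api.fabrikam.com -> _.fabrikam.com.pfx
    parent = host.split(".", 1)[1]
    wildcard = f"_.{parent}.pfx"
    if wildcard in listing:
        return wildcard
    return None


if __name__ == "__main__":
    for name in ["www.contoso.com", "API.fabrikam.com.", "deep.api.fabrikam.com", "../../secrets"]:
        print(f"{name!r:32} -> {resolve_certificate_file(name, CENTRAL_SHARE)}")
```

Rejecting the name before building the path, rather than trying to sanitize it afterwards, is the design choice worth copying: the resolver only ever constructs file names from strings that already match DNS label syntax, so traversal sequences never reach the share.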

176NUMA NUMA

CPUNUMACPU#IIS 8 Multicore Scaling on NUMA Hardware

Generally speaking, increasing the number of cores should result in increased performance. However, there comes a point where increasing the number of cores may result in performance degradation, because the cost of memory synchronization outweighs the benefits of additional cores. IIS 8 addresses this problem by intelligently distributing and affinitizing its processes on Non-Uniform Memory Access (NUMA) hardware. Internet Information Services (IIS) on Windows Server 8 is NUMA-aware and provides the optimal configuration for IT administrators.

Computer hardware continues to make great advances, and within the next several years server hardware with 64 cores or more will be commonplace. In the past, scaling up to such powerful hardware could be problematic due to the challenges and cost of synchronizing memory between CPUs. Windows Server 2012 RC introduces NUMA-Aware Scalability, a component of IIS 8.0 that addresses this issue by taking advantage of pending advances in hardware, including NUMA (Non-Uniform Memory Access) architecture, i